Changsha Developer Technology iView Editor Markdown cross site scripting

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10949

Source VulDB

Published Sep 25, 2025 at 14:32

Modified Sep 25, 2025 at 15:48

Affected Product

Vendor Changsha Developer Technology

Product iView Editor

Version 1.1.0

Affected Versions Changsha Developer Technology iView Editor 1.1.0
Changsha Developer Technology iView Editor 1.1.1

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-25T14:32:06.324Z",
    "modified": "2025-09-25T15:48:50.191Z",
    "type": "cve",
    "title": "Changsha Developer Technology iView Editor Markdown cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325819\nhttps://vuldb.com/?ctiid.325819\nhttps://vuldb.com/?submit.652402\nhttps://github.com/duckpigdog/CVE/blob/main/iView%20Editor%20XSS.docx",
    "id": "CVE-2025-10949",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Changsha Developer Technology iView Editor 1.1.0\nChangsha Developer Technology iView Editor 1.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iView Editor",
    "version": "1.1.0",
    "vendor": "Changsha Developer Technology",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Changsha Developer Technology iView Editor Markdown cross site scripting_CVE-2025-10949