Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for iView Editor by Changsha Developer Technology
CVE-2025-10949 (GCVE-0-2025-10949)
Vulnerability from nvd – Published: 2025-09-25 14:32 – Updated: 2025-09-25 15:48
VLAI
Title
Changsha Developer Technology iView Editor Markdown cross site scripting
Summary
A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325819 | vdb-entry |
| https://vuldb.com/?ctiid.325819 | signaturepermissions-required |
| https://vuldb.com/?submit.652402 | third-party-advisory |
| https://github.com/duckpigdog/CVE/blob/main/iView… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Changsha Developer Technology | iView Editor |
Affected:
1.1.0
Affected: 1.1.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T15:46:20.804533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:48:50.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Markdown Handler"
],
"product": "iView Editor",
"vendor": "Changsha Developer Technology",
"versions": [
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "suc2es2 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Changsha Developer Technology iView Editor up to 1.1.1 ist eine Schwachstelle entdeckt worden. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Markdown Handler. Die Manipulation f\u00fchrt zu cross site scripting. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T14:32:06.324Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325819 | Changsha Developer Technology iView Editor Markdown cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.325819"
},
{
"name": "VDB-325819 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325819"
},
{
"name": "Submit #652402 | Changsha Developer Technology Co., Ltd. iView Editor \u003c=1.1.1 XSS vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.652402"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/duckpigdog/CVE/blob/main/iView%20Editor%20XSS.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-25T08:12:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "Changsha Developer Technology iView Editor Markdown cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10949",
"datePublished": "2025-09-25T14:32:06.324Z",
"dateReserved": "2025-09-25T06:06:47.025Z",
"dateUpdated": "2025-09-25T15:48:50.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10949 (GCVE-0-2025-10949)
Vulnerability from cvelistv5 – Published: 2025-09-25 14:32 – Updated: 2025-09-25 15:48
VLAI
Title
Changsha Developer Technology iView Editor Markdown cross site scripting
Summary
A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325819 | vdb-entry |
| https://vuldb.com/?ctiid.325819 | signaturepermissions-required |
| https://vuldb.com/?submit.652402 | third-party-advisory |
| https://github.com/duckpigdog/CVE/blob/main/iView… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Changsha Developer Technology | iView Editor |
Affected:
1.1.0
Affected: 1.1.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T15:46:20.804533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:48:50.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Markdown Handler"
],
"product": "iView Editor",
"vendor": "Changsha Developer Technology",
"versions": [
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "suc2es2 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Changsha Developer Technology iView Editor up to 1.1.1 ist eine Schwachstelle entdeckt worden. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Markdown Handler. Die Manipulation f\u00fchrt zu cross site scripting. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T14:32:06.324Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325819 | Changsha Developer Technology iView Editor Markdown cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.325819"
},
{
"name": "VDB-325819 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325819"
},
{
"name": "Submit #652402 | Changsha Developer Technology Co., Ltd. iView Editor \u003c=1.1.1 XSS vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.652402"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/duckpigdog/CVE/blob/main/iView%20Editor%20XSS.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-25T08:12:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "Changsha Developer Technology iView Editor Markdown cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10949",
"datePublished": "2025-09-25T14:32:06.324Z",
"dateReserved": "2025-09-25T06:06:47.025Z",
"dateUpdated": "2025-09-25T15:48:50.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}