Preface
WangEditor 5 is an open-source, free HTML rich text editor component built on JavaScript and CSS. The first version of the product was released in November 2014. A rich text editor is one of the most complex kinds of front-end project. An excellent product requires long-term design, research, development and iteration, and its development time is measured in years.
Component official website
https://www.wangeditor.com/
Product
WangEditor
Affected version
Version <= 5
POC
<iframe srcdoc=</iframe>
Vulnerability environment construction
Refer to the official website link
https://www.wangeditor.com/v5/getting-started.html
Refer to the Bilibili video
https://www.bilibili.com/video/BV1xY4y147Hq/?spm_id_from=333.999.0.0
The official documents and videos are detailed, so the steps are not repeated here. After installing wangEditor, you can refer to the code of your own build.
The source code of the build is attached for reference; alternatively, there is a ready-built demo on the official website, which can be accessed directly
https://www.wangeditor.com/demo/index.html
After successful local construction
Or directly use the official website demo
https://www.wangeditor.com/demo/index.html
Code analysis
According to the official website's setup tutorial, after installing the wangEditor editor you need to reference wangEditor's CSS and JS in the head tag and the body respectively. (See the vulnerability environment construction section above for details.)
On line 30 you can see the JS file that is referenced online. Follow the referenced wangEditor file and search it globally for data-w-e-type="video"
https://unpkg.com/@wangeditor/editor@5.1.23/dist/index.js
In this line, we can see that the video link iframe we entered is not properly filtered, which leads to the stored XSS vulnerability through the iframe described below.
Local debugging confirms that the relevant XSS filtering is not done properly, resulting in the editor's stored XSS vulnerability.
Vulnerability exploitation
Local utilization effect
Fill in the POC and click OK to trigger a stored XSS vulnerability.
If you use the official website demo, the effect is as follows
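A defensive sketch of the filtering that the code analysis above finds missing, as an added example that is not part of the original report and is not wangEditor's own code: instead of storing the iframe markup the user typed, it parses it strictly and rebuilds the element from an allowlist. The function names, the allowed hosts, the size limits and the sandbox value are assumptions chosen for illustration.

```javascript
// Added example, not wangEditor code. Allowlist values are assumptions.
const ALLOWED_HOSTS = new Set(['player.bilibili.com', 'www.youtube.com']);
const ALLOWED_ATTRS = new Set(['src', 'width', 'height']);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
              .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Returns a rebuilt <iframe> string, or null when the input is rejected.
function sanitizeVideoEmbed(input) {
  // Accept exactly one empty iframe with double-quoted attributes, nothing else.
  const m = /^\s*<iframe((?:\s+[a-z-]+\s*=\s*"[^"<>]*")*)\s*>\s*<\/iframe>\s*$/i
    .exec(input);
  if (!m) return null;

  const attrs = {};
  const attrRe = /([a-z-]+)\s*=\s*"([^"<>]*)"/gi;
  let a;
  while ((a = attrRe.exec(m[1])) !== null) {
    const name = a[1].toLowerCase();
    // srcdoc, event handlers and anything else off the allowlist are refused.
    if (!ALLOWED_ATTRS.has(name) || name in attrs) return null;
    attrs[name] = a[2];
  }
  if (!attrs.src) return null;

  // Only https URLs on an allowed host survive; javascript:, data: etc. fail here.
  let url;
  try { url = new URL(attrs.src.replace(/&amp;/g, '&')); } catch { return null; }
  if (url.protocol !== 'https:' || !ALLOWED_HOSTS.has(url.hostname)) return null;

  // Rebuild the element from validated values; user markup is never echoed.
  const out = [`src="${escapeAttr(url.href)}"`];
  for (const dim of ['width', 'height']) {
    if (!(dim in attrs)) continue;
    if (!/^\d{1,4}$/.test(attrs[dim])) return null;
    out.push(`${dim}="${attrs[dim]}"`);
  }
  // Safe only because every allowed host is a different origin from the page.
  out.push('sandbox="allow-scripts allow-same-origin"');
  return `<iframe ${out.join(' ')}></iframe>`;
}
```

The same check belongs on the server that stores the editor output, since a client-side filter alone can be bypassed by posting content directly.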