CVE-2025-10949 MEDIUM

CVE-2025-10949: Changsha Developer Technology iView Editor Markdown cross site scripting

Vendor Changsha Developer Technology
Product iView Editor
Weakness CWE-79 · XSS
Published September 25, 2025
Last update September 25, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

September 25, 2025 CVE published
September 25, 2025 Record updated