Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an malicious user to obtain user cookie information.
baidu ueditor 1.4.3.3