CNVD-2021-94152 (China National Vulnerability Database)
Oct 15, 2021 - 12:00 a.m.

KindEditor XSS Vulnerability

2021-10-15 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
Tags: kindeditor, xss, vulnerability, upload_json.php, data filtering, attacker, site administrator privileges

EPSS: 0.001 (percentile: 37.5%)

KindEditor is a lightweight, open source (LGPL), cross-browser, web-based WYSIWYG HTML editor that can convert standard text areas into rich text editors. An XSS vulnerability exists in KindEditor prior to version 4.1.x because the affected versions do not handle user input properly: upload_json.php does not apply the relevant data filtering to the filename parameter. An attacker could use this vulnerability to gain site administrator privileges.
