Lucene search
K

96 matches found

OSV
OSV
added 2021/04/28 4:15 p.m.4 views

CVE-2020-18022

Cross Site Scripting XSS in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component...

6.1CVSS6.1AI score0.01246EPSS
Exploits1References1
CVE
CVE
added 2021/04/28 3:18 p.m.47 views

CVE-2020-18022

CVE-2020-18022 affects Qibosoft QiboCMS v7 and earlier via a flaw in the embedded editor component (ewebeditor 3.1.1 / kindeditor.js). The vulnerability allows remote attackers to inject commands through HTTP requests, enabling Cross Site Scripting (XSS) that can lead to arbitrary code execution ...

6.1CVSS6.5AI score0.01246EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2021/03/30 12:0 a.m.4 views

XSS Vulnerability in KindEditor Editor

KindEditor is a powerful free HTML editor. KindEditor editor has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...

6AI score
Exploits0
CNVD
CNVD
added 2020/12/01 12:0 a.m.4 views

KindEditor is vulnerable to XSS

KindEditor is a set of open source online HTML editor . KindEditor has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...

5.9AI score
Exploits0
CNVD
CNVD
added 2019/02/19 12:0 a.m.1 views

Directory Traversal Vulnerability in KindEditor Editor

KindEditor is a set of open source online HTML editor . A directory traversal vulnerability exists in the KindEditor editor. An attacker can exploit this vulnerability to obtain sensitive information...

6.6AI score
Exploits0
OSV
OSV
added 2019/02/06 9:29 p.m.25 views

CVE-2019-7543

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting XSS vulnerability...

6.1CVSS6.1AI score0.03161EPSS
Exploits1References1
Prion
Prion
added 2019/02/06 9:29 p.m.18 views

Cross site scripting

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting XSS vulnerability...

4.3CVSS6AI score0.03161EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/02/06 9:29 p.m.21 views

CVE-2019-7543

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting XSS vulnerability...

6.1CVSS6.1AI score0.03161EPSS
Exploits1References1
CVE
CVE
added 2019/02/06 9:0 p.m.99 views

CVE-2019-7543

KindEditor 4.1.11 is affected by a reflected XSS via the php/demo.php content1 parameter. The vulnerability allows an attacker to inject JavaScript that executes in the victim’s browser, potentially leading to session hijacking, defacement, or theft of sensitive information. Root cause: improper ...

6.1CVSS6AI score0.03161EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/02/06 9:0 p.m.25 views

CVE-2019-7543

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting XSS vulnerability...

6AI score0.03161EPSS
Exploits1References1
Veracode
Veracode
added 2018/11/07 2:30 a.m.18 views

Directory Traversal

kindeditor is vulnerable to directory traversal attacks. The vulnerability exists in php/uploadjson.php where directory information can be listed in the kindeditor/attached/ folder via the path parameter...

7.5CVSS7.3AI score0.02149EPSS
Exploits1References1Affected Software2
Prion
Prion
added 2018/11/05 9:29 a.m.15 views

Path traversal

KindEditor through 4.1.11 has a path traversal vulnerability in php/uploadjson.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication...

5CVSS7.5AI score0.02149EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/11/05 9:29 a.m.17 views

CVE-2018-18950

KindEditor through 4.1.11 has a path traversal vulnerability in php/uploadjson.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication...

7.5CVSS7.6AI score0.02149EPSS
Exploits1References1
OSV
OSV
added 2018/11/05 9:29 a.m.12 views

CVE-2018-18950

KindEditor through 4.1.11 has a path traversal vulnerability in php/uploadjson.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication...

7.5CVSS6.9AI score
Exploits0References1
CVE
CVE
added 2018/11/05 9:0 a.m.43 views

CVE-2018-18950

KindEditor prior to 4.1.11 is affected by a path traversal vulnerability in php/upload_json.php, enabling anyone to browse files/directories under kindeditor/attached/ via the path parameter without authentication. This is a unauthenticated information disclosure/vulnerability that can expose pri...

7.5CVSS7.5AI score0.02149EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/05 9:0 a.m.21 views

CVE-2018-18950

KindEditor through 4.1.11 has a path traversal vulnerability in php/uploadjson.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication...

7.6AI score0.02149EPSS
Exploits1References1
Veracode
Veracode
added 2017/07/06 2:29 a.m.23 views

Remote File Upload

kindeditor is vulnerable to remote file upload. The library does not check whether a user has the permission to upload files to the system, allowing a malicious user to upload an arbitrary file to the system through a POST request to the php/uploadjson.php file...

4.3CVSS5.3AI score0.01346EPSS
Exploits1References5Affected Software2
seebug.org
seebug.org
added 2017/07/03 12:0 a.m.15 views

KindEditor cross-site scripting vulnerability

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2017/06/16 12:0 a.m.2 views

KindEditor is vulnerable to XSS

KindEditor is a set of open source HTML visual editor , mainly used to allow users to get WYSIWYG editing effect on the site , compatible with IE, Firefox, Chrome, Safari, Opera and other major browsers . KindEditor has an XSS vulnerability. An attacker can exploit the vulnerability by uploading...

6AI score
Exploits0
CNVD
CNVD
added 2016/09/28 12:0 a.m.3 views

Reflective Cross-Site Scripting Vulnerability in Kindeditor

KindEditor is a set of open source online HTML editor . Kindeditor suffers from a reflective cross-site scripting vulnerability. Allows an attacker to construct XSS statements , pop-up box operation , to obtain user cookies and other information...

5.6AI score
Exploits0
Rows per page
Query Builder