95 matches found
KindEditor 4.1.11 - Cross-Site Scripting
KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter. id: CVE-2019-7543 info: name: KindEditor 4.1.11 - Cross-Site Scripting author: pikpikcu severity: medium description: KindEditor 4.1.11 contains a cross-site scripting vulnerability via the...
CVE-2018-18950
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication...
EUVD-2025-202705
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
CVE-2025-14522
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
CVE-2025-14522 baowzh hfly upload_json.php unrestricted upload
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
CVE-2025-14522
CVE-2025-14522 affects baowzh hfly with an unrestricted file upload via the imgFile parameter in /Public/Kindeditor/php/upload_json.php. The root cause is manipulation of imgFile, enabling remote exploitation; exploitation status and affected versions are not clearly defined in the provided detai...
hfly Code Issue Vulnerability
hfly is a travel website by baowzh individual developer. A code issue vulnerability exists in hfly, which stems from the incorrect manipulation of the parameter imgFile in the file /Public/Kindeditor/php/upload_json.php, which could lead to arbitrary file uploads...
PT-2025-50630
Name of the Vulnerable Software and Affected Versions: baowzh hfly (affected versions not specified). Description: A flaw exists that allows for unrestricted file uploads. The issue is located in an unknown function within the /Public/Kindeditor/php/upload_json.php file. Manipulation of the imgFile...
EUVD-2020-21115
Malware in sbrugna...
EUVD-2021-23839
Malware in sbrugna...
EUVD-2019-17083
Malware in sbrugna...
EUVD-2021-17028
Malware in sbrugna...
EUVD-2018-10654
Malware in sbrugna...
EUVD-2021-2152
Malware in sbrugna...
EUVD-2021-2269
Malware in sbrugna...
CVE-2021-37267
Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information...
CVE-2021-30086
Cross Site Scripting (XSS) vulnerability exists in KindEditor Chinese versions 4.1.12, which can be exploited by an attacker to obtain user cookie information...
CVE-2020-28717
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code...
CVE-2019-7543
In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability...