Lucene search

Kindeditor Security Vulnerabilities

cve

CVE-2017-1002024

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

4.3CVSS

4.7AI Score

0.001EPSS

2017-09-14 01:29 PM

cve

CVE-2019-7543

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.

6.1CVSS

6AI Score

0.001EPSS

2019-02-06 09:29 PM

cve

CVE-2020-28717

Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.

6.1CVSS

6.1AI Score

0.001EPSS

2023-08-11 02:15 PM

cve

CVE-2021-30086

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.

6.1CVSS

5.8AI Score

0.001EPSS

2021-09-28 07:15 PM

cve

CVE-2021-37267

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.

6.1CVSS

5.9AI Score

0.001EPSS

2021-09-28 07:15 PM

cve

CVE-2021-42227

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).

6.1CVSS

5.9AI Score

0.001EPSS

2021-10-14 05:15 PM

cve

CVE-2021-42228

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.

8.8CVSS

8.8AI Score

0.001EPSS

2021-10-14 05:15 PM