Kindeditor Security Vulnerabilities and Issues — Kindeditor CVE List

Lucene search

KindsoftKindeditor

7 matches found

CVE•added 2019/02/06 9:29 p.m.•54 views

CVE-2019-7543

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.

6.1CVSS6AI score0.0286EPSS

CVE•added 2017/09/14 1:29 p.m.•51 views

CVE-2017-1002024

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

4.3CVSS4.7AI score0.00297EPSS

CVE•added 2021/10/14 5:15 p.m.•46 views

CVE-2021-42227

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).

6.1CVSS5.9AI score0.00345EPSS

CVE•added 2021/10/14 5:15 p.m.•46 views

CVE-2021-42228

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.

8.8CVSS8.8AI score0.00186EPSS

CVE•added 2023/08/11 2:15 p.m.•28 views

CVE-2020-28717

Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.

6.1CVSS6.1AI score0.0017EPSS

CVE•added 2021/09/28 7:15 p.m.•27 views

CVE-2021-30086

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.

6.1CVSS5.8AI score0.0024EPSS

CVE•added 2021/09/28 7:15 p.m.•26 views

CVE-2021-37267

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.

6.1CVSS5.9AI score0.0024EPSS