7 matches found
CVE-2019-7543
KindEditor 4.1.11 is affected by a reflected XSS via the php/demo.php content1 parameter. The vulnerability allows an attacker to inject JavaScript that executes in the victim’s browser, potentially leading to session hijacking, defacement, or theft of sensitive information. Root cause: improper ...
CVE-2017-1002024
Vulnerability details for CVE-2017-1002024 show a flaw in Kind Editor v4.1.12 where kindeditor/php/upload_json.php does not authenticate users before allowing file uploads. This enables unauthenticated users to upload files via the endpoint, per the public CVE description. The NVD entry lists a M...
CVE-2021-42228
CVE-2021-42228 describes a Cross Site Request Forgery (CSRF) vulnerability in KindEditor 4.1.x, demonstrated by examples/uploadbutton.html. The CVE is corroborated across multiple records (NVD, CVE List, GHSA, OSV, CNVD, CNNVD) with consistent wording that the editor is vulnerable to CSRF. No con...
CVE-2021-42227
CVE-2021-42227 describes a cross‑site scripting (XSS) vulnerability in KindEditor 4.1.x . The weakness is triggered via the editor’s upload flow, specifically related to the file handling in the upload context (e.g., an upload_json.php path) and exposure through a Google search result pointing to...
CVE-2020-28717
The CVE-2020-28717 issue affects kindeditor (KindEditor) version 4.1.12, specifically the content1 parameter in demo.jsp. The root cause is a Cross-Site Scripting (XSS) vulnerability due to improper input sanitization in that parameter, allowing an attacker to inject and execute arbitrary JavaScr...
CVE-2021-37267
CVE-2021-37267 is a cross-site scripting (XSS) vulnerability affecting all versions of KindEditor. The issue allows an attacker to access user cookies, as described in multiple sources (XSS in KindEditor leading to cookie leakage). There are no remediation details provided in the supplied documen...
CVE-2021-30086
CVE-2021-30086 is a Cross Site Scripting (XSS) issue in KindEditor (Chinese versions) 4.1.12. The vulnerability could allow an attacker to obtain user cookie information. The provided documents confirm the affected product and version and the impact; however, no concrete exploit details, affected...