Lucene search
K
KindsoftKindeditor

7 matches found

CVE
CVE
added 2019/02/06 9:0 p.m.99 views

CVE-2019-7543

KindEditor 4.1.11 is affected by a reflected XSS via the php/demo.php content1 parameter. The vulnerability allows an attacker to inject JavaScript that executes in the victim’s browser, potentially leading to session hijacking, defacement, or theft of sensitive information. Root cause: improper ...

6.1CVSS6AI score0.03161EPSS
CVE
CVE
added 2017/09/14 1:0 p.m.67 views

CVE-2017-1002024

Vulnerability details for CVE-2017-1002024 show a flaw in Kind Editor v4.1.12 where kindeditor/php/upload_json.php does not authenticate users before allowing file uploads. This enables unauthenticated users to upload files via the endpoint, per the public CVE description. The NVD entry lists a M...

4.3CVSS4.7AI score0.01346EPSS
CVE
CVE
added 2021/10/14 4:38 p.m.64 views

CVE-2021-42228

CVE-2021-42228 describes a Cross Site Request Forgery (CSRF) vulnerability in KindEditor 4.1.x, demonstrated by examples/uploadbutton.html. The CVE is corroborated across multiple records (NVD, CVE List, GHSA, OSV, CNVD, CNNVD) with consistent wording that the editor is vulnerable to CSRF. No con...

8.8CVSS8.8AI score0.00957EPSS
CVE
CVE
added 2021/10/14 4:35 p.m.62 views

CVE-2021-42227

CVE-2021-42227 describes a cross‑site scripting (XSS) vulnerability in KindEditor 4.1.x . The weakness is triggered via the editor’s upload flow, specifically related to the file handling in the upload context (e.g., an upload_json.php path) and exposure through a Google search result pointing to...

6.1CVSS5.9AI score0.00907EPSS
CVE
CVE
added 2023/08/11 12:0 a.m.47 views

CVE-2020-28717

The CVE-2020-28717 issue affects kindeditor (KindEditor) version 4.1.12, specifically the content1 parameter in demo.jsp. The root cause is a Cross-Site Scripting (XSS) vulnerability due to improper input sanitization in that parameter, allowing an attacker to inject and execute arbitrary JavaScr...

6.1CVSS6.1AI score0.00493EPSS
CVE
CVE
added 2021/09/28 6:14 p.m.41 views

CVE-2021-37267

CVE-2021-37267 is a cross-site scripting (XSS) vulnerability affecting all versions of KindEditor. The issue allows an attacker to access user cookies, as described in multiple sources (XSS in KindEditor leading to cookie leakage). There are no remediation details provided in the supplied documen...

6.1CVSS5.9AI score0.00562EPSS
CVE
CVE
added 2021/09/28 6:17 p.m.40 views

CVE-2021-30086

CVE-2021-30086 is a Cross Site Scripting (XSS) issue in KindEditor (Chinese versions) 4.1.12. The vulnerability could allow an attacker to obtain user cookie information. The provided documents confirm the affected product and version and the impact; however, no concrete exploit details, affected...

6.1CVSS5.8AI score0.00663EPSS