CVE-2021-42228
published 2021-10-14CVE-2021-42228: A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
PriorityP335high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
0.96%
57.0th percentile
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kindsoft | kindeditor | 0 – 4.1.12 | — |
| kindsoft | kindeditor | 4.1 – 4.1.12 | — |
| linux | linux_kernel | >= 0 < 5.4.0-196.216 | 5.4.0-196.216 |
| linux | linux_kernel | >= 0 < 4.4.0-259.293 | 4.4.0-259.293 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-raspi-5.4 vulnerabilities
osv·2024-10-10·CVSS 5.5
CVE-2021-47188 linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-39494, CVE-2022-48791, CVE-2022-48863,
CVE-2024-42228, CVE-2024-38570, CVE-2024-42160, CVE-2024-26787,
CVE-2024-27012, CVE-2024-26677)
OSV
linux-raspi vulnerabilities
osv·2024-10-01·CVSS 5.5
CVE-2021-47188 linux-raspi vulnerabilities
linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-42160, CVE-2024-42228, CVE-2022-48863,
CVE-2024-26677, CVE-2024-26787, CVE-2024-38570, CVE-2024-39494,
CVE-2022-48791, CVE-2024-27012)
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2024-09-26·CVSS 5.5
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Input Device (Tablet) drivers;
- Modular ISDN driver;
- Multiple devices driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- SCSI drivers;
- GCT GDM724x LTE driver;
- USB subsystem;
- VFIO drivers;
- GFS2 file system;
- JFS file system;
- NILFS2 file system;
- Networking core;
- IPv4 networking;
- L2TP protocol;
- Netfilter;
- RxRPC session sockets;
(CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880,
CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154,
CVE-2023-52809, CVE-2024-42228, CVE-2022
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.
osv·2024-09-18·CVSS 5.5
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-27012, CVE-2024-42228, CVE-2022-48791,
CVE-2024-39494, CVE-2022-48863, CVE-2024-26787, CVE-2024-42160,
CVE-2024-38570, CVE-2024-26677)
OSV
Cross Site Request Forgery in kindeditor
osv·2021-10-18
CVE-2021-42228 [HIGH] Cross Site Request Forgery in kindeditor
Cross Site Request Forgery in kindeditor
Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x. First, you upload an html file containing csrf on the website that uses a google editor, (you only need to search in google: inurl:/examples/uploadbutton.html) and then use the authority of this website to trick users into clicking your malicious html link.
GHSA
Cross Site Request Forgery in kindeditor
ghsa·2021-10-18
CVE-2021-42228 [HIGH] CWE-352 Cross Site Request Forgery in kindeditor
Cross Site Request Forgery in kindeditor
Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x. First, you upload an html file containing csrf on the website that uses a google editor, (you only need to search in google: inurl:/examples/uploadbutton.html) and then use the authority of this website to trick users into clicking your malicious html link.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-14
Published