Kindsoft Kindeditor vulnerabilities
6 known vulnerabilities affecting kindsoft/kindeditor.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 5
Vulnerabilities
CVE-2019-7543 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | v4.1.11 | 2019-02-06
In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
nvd
CVE-2021-42228 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≥ 4.1, ≤ 4.1.12 | 2021-10-14
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
ghsa, nvd, osv
CVE-2021-30086 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v4.1.12 | 2021-09-28
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.
nvd
CVE-2021-42227 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.1, ≤ 4.1.12 | 2021-10-14
Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
ghsa, nvd, osv
CVE-2020-28717 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v4.1.12 | 2023-08-11
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.
nvd
CVE-2017-1002024 | P4 | MEDIUM | CVSS 4.3 | CWE-287 | v4.1.12 | 2017-09-14
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allowing users to upload files.
nvd