CVE-2020-28717
- EPSS 0.17%
- Veröffentlicht 11.08.2023 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:23:09
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.
CVE-2021-42227
- EPSS 0.35%
- Veröffentlicht 14.10.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:27:25
Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
CVE-2021-42228
- EPSS 0.19%
- Veröffentlicht 14.10.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:27:26
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
CVE-2021-30086
- EPSS 0.24%
- Veröffentlicht 28.09.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:03:18
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.
CVE-2021-37267
- EPSS 0.24%
- Veröffentlicht 28.09.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:14:54
Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.
CVE-2019-7543
- EPSS 1.13%
- Veröffentlicht 06.02.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:17
In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
CVE-2017-1002024
- EPSS 0.3%
- Veröffentlicht 14.09.2017 13:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.