Skip to main content

Kindeditor

7 CVEs product

Monthly

CVE-2021-42228 npm HIGH POC This Week

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Kindeditor
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-42227 npm MEDIUM POC This Month

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Kindeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-37267 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kindeditor
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-30086 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kindeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-7543 MEDIUM POC This Month

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kindeditor
NVD GitHub
CVSS 3.0
6.1
EPSS
3.2%
CVE-2018-18950 HIGH POC This Week

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Kindeditor
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-1002024 MEDIUM POC PATCH This Month

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Kind Editor Kindeditor
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
EPSS 1% CVSS 8.8
HIGH POC This Week

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Kindeditor
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Kindeditor
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kindeditor
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kindeditor
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC This Month

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kindeditor
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Kindeditor
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Kind Editor +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy