kindsoft/kindeditor

kindsoft/kindeditor

Releases11

Frequency8 months 5 days

Last Release over 7 years ago

Stars1.9K

Try Lake, a new editor I developed

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-28717 ↗	Aug 11, 2023Friday, 11 August 2023, 14:15	6.1 MEDIUM	—
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.
CVE-2021-42227 ↗	Oct 14, 2021Thursday, 14 October 2021, 17:15	6.1 MEDIUM	4.3 MEDIUM
Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
CVE-2021-42228 ↗	Oct 14, 2021Thursday, 14 October 2021, 17:15	8.8 HIGH	6.8 MEDIUM
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
CVE-2021-30086 ↗	Sep 28, 2021Tuesday, 28 September 2021, 19:15	6.1 MEDIUM	4.3 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.
CVE-2018-18950 ↗	Nov 5, 2018Monday, 5 November 2018, 09:29	—	5 MEDIUM
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
CVE-2017-1002024 ↗	Sep 14, 2017Thursday, 14 September 2017, 13:29	—	4 MEDIUM
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.