CVEDB API

Vulnerabilities

Vulnerable Software

Kindsoft: Security Vulnerabilities

CVE-2020-28717

Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.

CVSS Score

6.1

EPSS Score

0.002

Published

2023-08-11

CVE-2021-42227

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).

CVSS Score

6.1

EPSS Score

0.003

Published

2021-10-14

CVE-2021-42228

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.

CVSS Score

8.8

EPSS Score

0.002

Published

2021-10-14

CVE-2021-30086

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.

CVSS Score

6.1

EPSS Score

0.002

Published

2021-09-28

CVE-2021-37267

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.

CVSS Score

6.1

EPSS Score

0.002

Published

2021-09-28

CVE-2019-7543

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.

CVSS Score

6.1

EPSS Score

0.029

Published

2019-02-06

CVE-2017-1002024

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

CVSS Score

4.3

EPSS Score

0.003

Published

2017-09-14

Page 1

Vulnerabilities

Vulnerable Software

Kindsoft: Security Vulnerabilities

Products

Pricing

Contact Us