Cksource: >> Ckfinder >> 1.4.3 Security Vulnerabilities
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-14
An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-09-26