Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kindeditor kindeditor vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-18950
KindEditor up to and including 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
Kindeditor Kindeditor
4.3
CVSSv2
CVE-2021-37267
Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an malicious user to obtain user cookie information.
Kindsoft Kindeditor -
6.8
CVSSv2
CVE-2021-42228
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
Kindsoft Kindeditor
4.3
CVSSv2
CVE-2021-42227
Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
Kindsoft Kindeditor
4.3
CVSSv2
CVE-2019-7543
In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
Kindsoft Kindeditor 4.1.11
NA
CVE-2020-28717
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows malicious users to execute arbitrary code.
Kindsoft Kindeditor 4.1.12
4.3
CVSSv2
CVE-2021-30086
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an malicious user to obtain user cookie information.
Kindsoft Kindeditor 4.1.12
4
CVSSv2
CVE-2017-1002024
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
Kindsoft Kind Editor 4.1.11
Kindsoft Kind Editor 4.1.10
Kindsoft Kind Editor 4.1.9
Kindsoft Kind Editor 4.1.8
Kindsoft Kind Editor 4.1.7
Kindsoft Kind Editor 4.1.6
Kindsoft Kind Editor 4.1.5
Kindsoft Kind Editor 4.1.4
Kindsoft Kind Editor 4.1.3
Kindsoft Kind Editor 4.1.2
Kindsoft Kind Editor 4.1.1
Kindsoft Kind Editor 4.1
Kindsoft Kind Editor 4.0.6
Kindsoft Kind Editor 4.0.5
Kindsoft Kind Editor 4.0.4
Kindsoft Kind Editor 4.0.3
Kindsoft Kind Editor 4.0.2
Kindsoft Kind Editor 4.0.1
Kindsoft Kind Editor 4.0
Kindsoft Kind Editor
Kindsoft Kindeditor 4.1.12
4.3
CVSSv2
CVE-2020-23371
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote malicious users to inject arbitrary web script or HTML via the movieName parameter.
5none Nonecms 1.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started