CKFinder
by Cfmsource
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-20023 | 0.00 | — | 0.00 | Dec 5, 2025 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. | |||
| CVE-2025-63830 | 0.00 | — | 0.00 | Nov 14, 2025 | CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content. |
- CVE-2016-20023Dec 5, 2025risk 0.00cvss —epss 0.00
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.
- CVE-2025-63830Nov 14, 2025risk 0.00cvss —epss 0.00
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.