Kind Editor Inc.
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18950 | Hig | 0.49 | 7.5 | 0.02 | Nov 5, 2018 | KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. | ||
| CVE-2021-37267 | Med | 0.40 | 6.1 | 0.01 | Sep 28, 2021 | Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. | ||
| CVE-2021-30086 | Med | 0.40 | 6.1 | 0.01 | Sep 28, 2021 | Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | ||
| CVE-2019-7543 | Med | 0.40 | 6.1 | 0.03 | Feb 6, 2019 | In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. | ||
| CVE-2017-1002024 | Med | 0.28 | 4.3 | 0.01 | Sep 14, 2017 | Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files. |
- risk 0.49cvss 7.5epss 0.02
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.
- risk 0.40cvss 6.1epss 0.03
In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
- risk 0.28cvss 4.3epss 0.01
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.