VYPR
Vendor

Kind Editor Inc.

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2018-18950HigNov 5, 2018
    risk 0.49cvss 7.5epss 0.02

    KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.

  • CVE-2021-37267MedSep 28, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.

  • CVE-2021-30086MedSep 28, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.

  • CVE-2019-7543MedFeb 6, 2019
    risk 0.40cvss 6.1epss 0.03

    In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.

  • CVE-2017-1002024MedSep 14, 2017
    risk 0.28cvss 4.3epss 0.01

    Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.