MidnightBSD

Advisories for kindsoft

CVE-2017-1002024 MEDIUM

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
kindsoft kind_editor 4.1.9
kindsoft kind_editor *
kindsoft kind_editor 4.0.6
kindsoft kind_editor 4.0.3
kindsoft kindeditor 4.1.12
kindsoft kind_editor 4.1.11
kindsoft kind_editor 4.1.1
kindsoft kind_editor 4.1.7
kindsoft kind_editor 4.0.1
kindsoft kind_editor 4.1.6
kindsoft kind_editor 4.1.2
kindsoft kind_editor 4.1.3
kindsoft kind_editor 4.1.5
kindsoft kind_editor 4.0
kindsoft kind_editor 4.0.5
kindsoft kind_editor 4.1
kindsoft kind_editor 4.0.4
kindsoft kind_editor 4.1.8
kindsoft kind_editor 4.1.4
kindsoft kind_editor 4.0.2
kindsoft kind_editor 4.1.10
CVE-2019-7543 MEDIUM

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kindsoft kindeditor 4.1.11
CVE-2020-28717

Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
kindsoft kindeditor 4.1.12
CVE-2021-30086 MEDIUM

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kindsoft kindeditor 4.1.12
CVE-2021-37267 MEDIUM

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kindsoft kindeditor -
CVE-2021-42227 MEDIUM

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kindsoft kindeditor *
CVE-2021-42228 MEDIUM

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
kindsoft kindeditor *