Every CVE whose affected-product data names Kindsoft Kindeditor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-42228 — CVSS 8.8 (high): A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
CVE-2019-7543 — CVSS 6.1 (medium): In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
CVE-2020-28717 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to…
CVE-2021-37267 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie…
CVE-2021-42227 — CVSS 6.1 (medium): Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the…
CVE-2021-30086 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain…
CVE-2017-1002024 — CVSS 4.3 (medium): Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to…