Kindsoft

kindsoft

7 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-28717 1Kindsoft 1Kindeditor Jun 17, 2026 Aug 11, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.
CVE-2021-42228 1Kindsoft 1Kindeditor Jun 17, 2026 Oct 14, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
CVE-2021-42227 1Kindsoft 1Kindeditor Jun 17, 2026 Oct 14, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
CVE-2021-37267 1Kindsoft 1Kindeditor Jun 17, 2026 Sep 28, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.
CVE-2021-30086 1Kindsoft 1Kindeditor Jun 17, 2026 Sep 28, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.
CVE-2019-7543 1Kindsoft 1Kindeditor Jun 17, 2026 Feb 6, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
CVE-2017-1002024 1Kindsoft 2Kind Editor Kindeditor May 13, 2026 Sep 14, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.