Description
Cross Site Request Forgery in kindeditor
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x. First, you upload an HTML file containing CSRF to a website that uses a Google editor (you only need to search in Google: inurl:/examples/uploadbutton.html), and then use the authority of this website to trick users into clicking your malicious HTML link.
Packages
Name
kindeditor
npm
Affected versions: <= 4.1.12
Fixed version: None
Related vulnerabilities
CVSS3: 8.8
nvd
more than 4 years ago
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.