Skip to content
This repository was archived by the owner on Mar 29, 2025. It is now read-only.
This repository was archived by the owner on Mar 29, 2025. It is now read-only.

There is a csrf vulnerability in kindeditor - 4.1.* #337

Open
Open
There is a csrf vulnerability in kindeditor - 4.1.*#337
@cyber-word

Description

@cyber-word
cyber-word
opened on Oct 14, 2021

[Suggested description]
Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot
4.1.x. First, you upload an html file containing csrf on the website
that uses a google editor, (you only need to search in google:
inurl:/examples/uploadbutton.html) and then use the authority of this
website to trick users into clicking your malicious html link.

[Vulnerability Type]
Cross Site Request Forgery (CSRF)

[Vendor of Product]
https://github.com/kindsoft/kindeditor

[Affected Product Code Base]
kindeditor - 4.1.*

[Affected Component]
To find a website that uses this editor, you only need to search in google: inurl:/examples/uploadbutton.html
Because this is the feature file of this editor

[Attack Type]
Remote

[Impact Code execution]
true

Attackers can use websites trusted by users to perform dangerous operations

[Attack Vectors]

<title>csrf test</title> // your target url

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions