KindEditor has XSS Vulnerability Description
- Author: YUNG-HAO TSENG, Eddie TC CHANG, YU-HSIANG HUANG
- Contact: 0xuhaw@gmail.com; eddietcchang@gmail.com; huang.yuhsiang.phone@gmail.com
Testing Target
- Product: KindEditor
- Version: 4.1.11
- Official Website: http://kindeditor.net/demo.php
- Affected: All versions <= 4.1.11
Abstract
We discovered that the content1 parameter of the KindEditor /php/demo.php page has a reflected Cross-site Scripting (XSS) vulnerability.
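The following added example (not KindEditor's own code, and not taken from the original advisory) shows the general pattern behind a reflected XSS in an editor content parameter, next to two ways of hardening it. It assumes the page writes the submitted content1 value back into its response; the function names, the `preview` markup and the tag allow-list are hypothetical.

```php
<?php
// Added example: hypothetical handler, not KindEditor's demo.php source.
// Assumption: the page writes the submitted `content1` value into its response.
const ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'u', 'strong', 'em', 'ul', 'ol', 'li', 'a'];

// Vulnerable pattern: request data is emitted as markup without encoding.
function render_unsafe(string $content1): string
{
    return '<div class="preview">' . $content1 . '</div>';
}

// Fix 1: the value only needs to be shown as text (e.g. inside <textarea>).
function render_escaped(string $content1): string
{
    return '<textarea name="content1">'
        . htmlspecialchars($content1, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</textarea>';
}

// Fix 2: a formatted preview is required, so keep only allow-listed markup.
function render_sanitized(string $content1): string
{
    $doc = new DOMDocument();
    // The XML declaration prefix makes libxml treat the input as UTF-8.
    @$doc->loadHTML('<?xml encoding="UTF-8"><body>' . $content1 . '</body>', LIBXML_NONET);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '<div class="preview"></div>';
    }
    // Snapshot the live node list so nodes can be removed while iterating.
    foreach (iterator_to_array($body->getElementsByTagName('*'), false) as $el) {
        if (!in_array(strtolower($el->nodeName), ALLOWED_TAGS, true)) {
            $el->parentNode->removeChild($el);   // drop element and its subtree
            continue;
        }
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $keep = $el->nodeName === 'a' && $attr->nodeName === 'href'
                && preg_match('#^https?://#i', trim($attr->value)) === 1;
            if (!$keep) {
                $el->removeAttributeNode($attr); // strips event handlers, style, non-http(s) URLs
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return '<div class="preview">' . $out . '</div>';
}
```

In a deployed application, a maintained sanitizer library such as HTML Purifier is preferable to a hand-written filter like `render_sanitized`.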




