Skip to content

Latest commit

 

History

History

KindEditor

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

KindEditor has XSS Vulnerability Description


Testing Target

Abstract

We discovered that KindEditor /php/demo.php pages the content1 parameter has reflected Cross-site Scripting (XSS) vulnerability.

Concept

  1. We download the latest version from the official website and view the source code of /kindediotr/php/demo.php.

  2. From the demo.php source we can see missing filter (such as htmlspecialchars) on line 45.

  3. Simply test the XSS payload, we discovered content1 parameter has reflected XSS vulnerability.

  4. Great to execute successfully.