Vulnerability CVE-2021-42228


Published: 2021-10-14

Description:
A Cross-Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x. First, you upload an HTML file containing CSRF to a website that uses a Google editor (you only need to search in Google: inurl:/examples/uploadbutton.html), and then use the authority of this website to trick users into clicking your malicious HTML link.

References:
https://github.com/kindsoft/kindeditor/issues/337

Copyright 2021, cxsecurity.com

 
