Description
Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
Remediation
References
https://github.com/kindsoft/kindeditor/issues/336
Related Vulnerabilities
CVE-2021-23446 Vulnerability in npm package handsontable
CVE-2017-3201 Vulnerability in maven package com.exadel.flamingo.flex:amf-serializer
CVE-2020-8124 Vulnerability in npm package url-parse
CVE-2020-7784 Vulnerability in npm package ts-process-promises
CVE-2020-15119 Vulnerability in maven package org.webjars.bower:auth0-lock