Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
Remediation
References
https://github.com/kindsoft/kindeditor/issues/337