Description
Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
Remediation
References
https://github.com/kindsoft/kindeditor/issues/336
Related Vulnerabilities
CVE-2020-28498 Vulnerability in npm package elliptic
CVE-2022-1243 Vulnerability in npm package urijs
CVE-2022-41931 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-ui
CVE-2020-36189 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-39299 Vulnerability in npm package @node-saml/node-saml