sunhater / kcfinder

KCFinder web file manager
http://kcfinder.sunhater.com

Cross-site Scripting Vulnerability #180

Open lowk3v opened 5 years ago

lowk3v commented 5 years ago

I discovered an XSS vulnerability in kcfinder version 3.20-test2. Payload:

curl localhost/kcfinder/upload.php?type=files&CKEditor=editor1&CKEditorFuncNum=);}
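A server-side check for the `CKEditorFuncNum` parameter named in the report, as an added example that is not part of the issue and not KCFinder's own code. It assumes the value is echoed into the CKEditor file-browser callback script (`CKEDITOR.tools.callFunction`), which the issue does not confirm; the function names are hypothetical and PHP 7.3 or later is assumed.

```php
<?php
// Added example, not KCFinder code. Function names are hypothetical.

// Return the callback number as an int, or null unless the raw
// parameter is a short run of ASCII digits and nothing else.
function parse_func_num($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Build the script response for the CKEditor file browser.
// Only a validated int or JSON-encoded strings reach script context;
// the HEX flags escape quotes, <, > and & so a value cannot close
// the string literal or the <script> element.
function ckeditor_callback_html($rawFuncNum, string $url, string $message): ?string
{
    $funcNum = parse_func_num($rawFuncNum);
    if ($funcNum === null) {
        return null; // caller answers 400 and emits no script
    }
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
           | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return '<script>window.parent.CKEDITOR.tools.callFunction('
        . $funcNum . ', '
        . json_encode($url, $flags) . ', '
        . json_encode($message, $flags)
        . ');</script>';
}

// Constructed sample inputs: one valid id, one non-numeric value, and
// the visible fragment of the parameter from the report.
foreach (['7', 'abc', ');}'] as $raw) {
    $html = ckeditor_callback_html($raw, '/upload/files/a.png', '');
    echo var_export($raw, true), ' => ', $html ?? 'rejected (HTTP 400)', "\n";
}
```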