Vulnerabilities > Sunhater

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-01	CVE-2018-25002	Improper Input Validation vulnerability in Sunhater Kcfinder uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. network low complexity sunhater CWE-20	8.8
2019-07-28	CVE-2019-14315	Cross-site Scripting vulnerability in Sunhater Kcfinder A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. network low complexity sunhater CWE-79	6.1

Vulnerabilities > Sunhater {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Sunhater"}]}