Vulnerabilities > Sunhater > Kcfinder > 3.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-28 | CVE-2019-14315 | Cross-site Scripting vulnerability in Sunhater Kcfinder A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. | 6.1 |