sunhater/kcfinder

Vulnerability: Cross-site Scripting (XSS)
Severity: 6.5
Language: PHP
Registry: Packagist

Overview

sunhater/kcfinder is a web file manager. This package is vulnerable to Cross-site Scripting (XSS).

A malicious user can inject arbitrary web script or HTML via the CKEditorFuncNum parameter.
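
One way to handle this parameter safely, as an added example that is not KCFinder's own code: CKEditor uses CKEditorFuncNum as a numeric callback index, so the server can accept digits only and serialise every value for the script context before echoing it. The helper names, the file URL and the sample inputs are hypothetical.

```php
<?php
// Added example with hypothetical helper names; not taken from KCFinder.

/**
 * CKEditor sends CKEditorFuncNum as a small non-negative integer that
 * identifies the callback to invoke. Anything else is rejected.
 */
function parse_ckeditor_func_num(array $query): ?int
{
    $raw = $query['CKEditorFuncNum'] ?? null;
    // Arrays (?CKEditorFuncNum[]=1) and non-digit strings are refused.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,6}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/**
 * Build the file-browser callback script. Values are serialised with
 * json_encode and the JSON_HEX_* flags so that <, >, &, ' and " cannot
 * close the <script> block or break out of a string literal.
 */
function render_callback_script(int $funcNum, string $fileUrl): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
           | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return '<script>window.opener.CKEDITOR.tools.callFunction('
        . json_encode($funcNum, $flags) . ', '
        . json_encode($fileUrl, $flags) . ');</script>';
}

// Constructed sample query strings: one valid, three that must be refused.
$samples = [
    ['CKEditorFuncNum' => '1'],
    ['CKEditorFuncNum' => '<b>1</b>'],
    ['CKEditorFuncNum' => ['1']],
    [],
];
foreach ($samples as $query) {
    $funcNum = parse_ckeditor_func_num($query);
    if ($funcNum === null) {
        echo 'rejected: ', json_encode($query), "\n";
        continue;
    }
    echo render_callback_script($funcNum, '/upload/files/report.pdf'), "\n";
}
```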

References