Cksource Ckfinder
4 CVEs affecting Cksource Ckfinder. Latest disclosed: 2025-12-05. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-15862 | High | 7.5 | 2019-09-26 | An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the a… |
CVE-2025-63830 | Medium | 6.1 | 2025-11-14 | CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content. |
CVE-2019-15891 | Medium | 5.3 | 2019-09-26 | An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that th… |
CVE-2016-20023 | Medium | 5.0 | 2025-12-05 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. |