Cksource Ckfinder

4 CVEs affecting Cksource Ckfinder. Latest disclosed: 2025-12-05. Critical: 0, High: 1.

Top CVEs affecting Cksource Ckfinder
CVESeverityScorePublishedSummary
CVE-2019-15862High7.52019-09-26An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the a…
CVE-2025-63830Medium6.12025-11-14CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
CVE-2019-15891Medium5.32019-09-26An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that th…
CVE-2016-20023Medium5.02025-12-05In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.