summary Directory Traversal affected versions * severity 7.5
kindeditor is a lightweight, Open Source(LGPL), cross browser, web based WYSIWYG HTML editor.
This package is vulnerable to Directory Traversal Attacks. A malicious user can browse a file or directory in the
kindeditor/attached/ folder via the
path parameter without authentication.