Composer/Sunhater/Kcfinder | GitLab Advisory Database

Cross-site Scripting

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter.

Advisories for Composer/Sunhater/Kcfinder package