Vientiane

**Name of the Vulnerable Software and Affected Versions** kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff **Description** A problematic vulnerability has been found in the XML File Handler component of kalvinGit kvf-admin. The issue affects an unknown function of the file "/ueditor/upload?configPath=ueditor/config.json&action=uploadfile". The manipulation of the `upfile` argument leads to cross-site scripting. This can be launched remotely. The exploit has been disclosed to the public and may be used. The product uses a rolling release for continuous delivery, and no version details for affected or updated releases are available. The GitHub repository of the project has not received an update for more than two years. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.