Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-4000
Last Modified 29 Jan 2013 11:54:19
Published 12 Jul 2012 05:55:08
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4000

Summary

Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.

Vulnerable Systems

Application

  • Fckeditor 0.8

  • Fckeditor 0.8.5

  • Fckeditor 0.9.0

  • Fckeditor 0.9.1

  • Fckeditor 0.9.2

  • Fckeditor 0.9.3

  • Fckeditor 0.9.4

  • Fckeditor 0.9.5

  • Fckeditor 1.0

  • Fckeditor 1.1

  • Fckeditor 1.2

  • Fckeditor 1.2.2

  • Fckeditor 1.2.4

  • Fckeditor 1.3

  • Fckeditor 1.3.1

  • Fckeditor 1.4

  • Fckeditor 1.5

  • Fckeditor 1.6

  • Fckeditor 2.0

  • Fckeditor 2.1

  • Fckeditor 2.1.1

  • Fckeditor 2.2

  • Fckeditor 2.3

  • Fckeditor 2.3.1

  • Fckeditor 2.3.2

  • Fckeditor 2.3.3

  • Fckeditor 2.4

  • Fckeditor 2.4.1

  • Fckeditor 2.4.2

  • Fckeditor 2.4.3

  • Fckeditor 2.5

  • Fckeditor 2.5.1

  • Fckeditor 2.6

  • Fckeditor 2.6.1

  • Fckeditor 2.6.2

  • Fckeditor 2.6.3

  • Fckeditor 2.6.4

  • Fckeditor 2.6.4.1

  • Fckeditor 2.6.5

  • Fckeditor 2.6.7


References

XF - fckeditor-spellchecker-xss(76604)

BID - 54188

SECUNIA - 49606

MISC - http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/

DEBIAN - DSA-2522


Last Updated: 27 May 2016 10:54:52