{"id": "PACKETSTORM:118034", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "CKFinder 2.3 / FCKEditor 2.6.8 SWF Cross Site Scripting", "description": "", "published": "2012-11-12T00:00:00", "modified": "2012-11-12T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/118034/CKFinder-2.3-FCKEditor-2.6.8-SWF-Cross-Site-Scripting.html", "reporter": "Soroush Dalili", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2016-11-03T10:24:06", "viewCount": 23, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "_state": {"dependencies": 1678912101, "score": 1678911848, "epss": 1678921929}, "_internal": {"score_hash": "f7bc9c68e4111353ece90a7067ec452c"}, "sourceHref": "https://packetstormsecurity.com/files/download/118034/ckfinderswf-xss.txt", "sourceData": "`Hello \nThe latest versions of CKFinder (2.3) and FCKEditor(2.6.8) are accepting SWF as a valid extension. As a result, it is possible to make a website vulnerable to an XSS attack by uploading a malicious SWF file. \nSource: http://soroush.secproject.com/blog/2012/11/xss-by-uploadingincluding-a-swf-file/ \n \nThis has been reported to the vendor today, but the swf file is public currently via my blog. \n \nPoC: \nDemo Link: http://ckfinder.com/demo \nResult: http://ckfinder.com/userfiles/flash/Public%20Folder/XSSProject.swf?js=alert(document.domain) \n \n \nRegards \nSoroush Dalili \n`\n"}
{}
CKFinder 2.3 / FCKEditor 2.6.8 SWF Cross Site Scripting