Vulners
Lucene search
FCKeditor 2.6.10 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the integrity of protected information | 7 Jul 201600:00 | – | bdu_fstec |
 | CVE-2012-4000 | 25 Jun 201200:00 | – | circl |
 | CVE-2012-4000 | 12 Jul 201221:00 | – | cve |
 | CVE-2012-4000 | 12 Jul 201221:00 | – | cvelist |
 | [SECURITY] [DSA 2522-1] fckeditor security update | 6 Aug 201208:22 | – | debian |
 | Debian DSA-2522-1 : fckeditor - XSS | 7 Aug 201200:00 | – | nessus |
| Fedora 21 : zarafa-7.1.14-1.fc21 (2015-a275fd68f2) | 4 Mar 201600:00 | – | nessus |
 | EUVD-2012-3944 | 7 Oct 202500:30 | – | euvd |
 | [SECURITY] Fedora 21 Update: zarafa-7.1.14-1.fc21 | 23 Nov 201523:21 | – | fedora |
 | CVE-2012-4000 | 12 Jul 201221:55 | – | nvd |
10
`Class Cross-Site Scripting
Remote Yes
Published 2nd June 2014
Credit Robin Bailey of Dionach ([email protected])
Vulnerable FCKeditor <= 2.6.10
FCKeditor is prone to a reflected cross-site scripting (XSS) vulnerability due to inadequately sanitised user input. An attacker may leverage this issue to run JavaScript in the context of a victim's browser.
FCKeditor 2.6.10 is known to be vulnerable; older versions may also be vulnerable.
Note that this issue is related to CVE-2012-4000, which was a cross-site scripting vulnerability in the values of the textinputs[] array passed to the spellchecker.php page. To resolve this issue the values of this array were encoded with htmlspecialchars() before being output to the page; however the array keys were still echoed unencoded.
PoC:
POST http://[target]/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
textinputs[1</script><script>alert(document.cookie);//</script>]=zz
The vendor was notified of this issue, and FCKeditor 2.6.11 was released to address this vulnerability. See the following vendor announcement:
http://ckeditor.com/blog/FCKeditor-2.6.11-Released
Timeline:
28/05/2014 Vulnerability identified
28/05/2014 Initial vendor contact
28/05/2014 Vendor response to contact
28/05/2014 Vulnerability disclosed to vendor
29/05/2014 Vendor confirms vulnerability
02/06/2014 Vendor releases patch
02/06/2014 Public disclosure of vulnerability
______________________________________________________________________
Disclaimer: This e-mail and any attachments are confidential.
It may contain privileged information and is intended for the named
addressee(s) only. It must not be distributed without Dionach Ltd consent.
If you are not the intended recipient, please notify the sender immediately and destroy this e-mail.
Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Unless expressly stated, opinions in this e-mail are those of the individual sender, and not of Dionach Ltd.
Dionach Ltd, Greenford House, London Road, Wheatley, Oxford OX33 1JH Company Registration No. 03908168, VAT No. GB750661242
______________________________________________________________________
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Jun 2014 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.02144