2 matches found
FCKeditor connectors模块多个跨站脚本及目录遍历漏洞
CVECAN ID: CVE-2009-2324,CVE-2009-2265 FCKeditor是一款开放源码的HTML文本编辑器。 FCKeditor没有正确地验证用户对多个connector模块所传送的输入,远程攻击者可以利用samples目录中的组件注入任意脚本或HTML,或通过目录遍历攻击上传恶意文件。 FCKeditor = 2.6.4 从editor\filemanager\connectors中删除不使用的连接器 在config.ext中禁用文件浏览器 完全删除samples目录 厂商补丁: FCKeditor ---------...
CVE-2009-2324
CVE-2009-2324 concerns FCKeditor prior to 2.6.4.1, which contains multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script/HTML via components in the samples directory (aka _samples). The underlying issue is improper validation/escaping of input in the samples/connector...