Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30848
HistoryJun 14, 2014 - 12:00 a.m.

FCKedtior 2.6.10 Reflected Cross-Site Scripting (XSS)

2014-06-1400:00:00
vulners.com
24
JSON

Class Cross-Site Scripting
Remote Yes
Published 2nd June 2014
Credit Robin Bailey of Dionach ([email protected])
Vulnerable FCKeditor <= 2.6.10

FCKeditor is prone to a reflected cross-site scripting (XSS) vulnerability due to inadequately sanitised user input. An attacker may leverage this issue to run JavaScript in the context of a victim's browser.

FCKeditor 2.6.10 is known to be vulnerable; older versions may also be vulnerable.

Note that this issue is related to CVE-2012-4000, which was a cross-site scripting vulnerability in the values of the textinputs[] array passed to the spellchecker.php page. To resolve this issue the values of this array were encoded with htmlspecialchars() before being output to the page; however the array keys were still echoed unencoded.

PoC:

POST http://[target]/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
textinputs[1</script><script>alert(document.cookie);//</script>]=zz

The vendor was notified of this issue, and FCKeditor 2.6.11 was released to address this vulnerability. See the following vendor announcement:

http://ckeditor.com/blog/FCKeditor-2.6.11-Released

Timeline:

28/05/2014 Vulnerability identified
28/05/2014 Initial vendor contact
28/05/2014 Vendor response to contact
28/05/2014 Vulnerability disclosed to vendor
29/05/2014 Vendor confirms vulnerability
02/06/2014 Vendor releases patch
02/06/2014 Public disclosure of vulnerability

Disclaimer: This e-mail and any attachments are confidential.

It may contain privileged information and is intended for the named
addressee(s) only. It must not be distributed without Dionach Ltd consent.
If you are not the intended recipient, please notify the sender immediately and destroy this e-mail.

Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Unless expressly stated, opinions in this e-mail are those of the individual sender, and not of Dionach Ltd.

Dionach Ltd, Greenford House, London Road, Wheatley, Oxford OX33 1JH Company Registration No. 03908168, VAT No. GB750661242

Related

packetstorm 1
openvas 2
nessus 2
prion 2
cve 2
securityvulns 2
debian 1
ubuntucve 2
debiancve 1
fedora 1
packetstorm
packetstorm
FCKeditor 2.6.10 Cross Site Scripting
2014-06-03 00:00:00
openvas
openvas
Debian Security Advisory DSA 2522-1 (fckeditor)
2012-08-10 00:00:00
Debian: Security Advisory (DSA-2522-1)
2012-08-10 00:00:00
nessus
nessus
Debian DSA-2522-1 : fckeditor - XSS
2012-08-07 00:00:00
Fedora 21 : zarafa-7.1.14-1.fc21 (2015-a275fd68f2)
2016-03-04 00:00:00
prion
prion
Cross site scripting
2012-07-12 21:55:00
Cross site scripting
2014-06-11 14:55:00
cve
cve
CVE-2012-4000
2012-07-12 21:55:00
CVE-2014-4037
2014-06-11 14:55:00
securityvulns
securityvulns
[SECURITY] [DSA 2522-1] fckeditor security update
2012-08-13 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2012-08-13 00:00:00
debian
debian
[SECURITY] [DSA 2522-1] fckeditor security update
2012-08-06 08:22:53
ubuntucve
ubuntucve
CVE-2012-4000
2012-07-12 00:00:00
CVE-2014-4037
2014-06-11 00:00:00
debiancve
debiancve
CVE-2014-4037
2014-06-11 14:55:00
fedora
fedora
[SECURITY] Fedora 21 Update: zarafa-7.1.14-1.fc21
2015-11-23 23:21:38
JSON
Related for SECURITYVULNS:DOC:30848
packetstorm1openvas2nessus2prion2cve2securityvulns2debian1ubuntucve2debiancve1fedora1