Cross-site Scripting Vulnerability in FCKEditor by CKSource
CVE-2006-6978

Currently unrated

Key Information:

Vendor: Fckeditor
Status: Fckeditor
Vendor: CVE Published:; 8 February 2007

What is CVE-2006-6978?

A cross-site scripting vulnerability exists in the 'Basic Toolbar Selection' feature of FCKEditor, which may allow remote attackers to inject and execute arbitrary JavaScript code. This can be done through manipulations of the javascript: URI in the href or onmouseover attributes of the anchor HTML tag. Such exploitation can lead to unauthorized actions performed on behalf of users.

References

http://www.newffr.com/viewtopic.php?forum=26&topic=11683

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/26539

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/434006/30/4980/thr...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2007
Vulnerability Reserved
Feb 8, 2007

Fckeditor

What is CVE-2006-6978?

References

Timeline