Cross-Site Scripting Vulnerability in FCKeditor by FCKeditor
CVE-2012-4000

Currently unrated

Key Information:

Vendor

Ckeditor

Status
Fckeditor
Vendor
CVE Published:
12 July 2012

What is CVE-2012-4000?

A cross-site scripting (XSS) vulnerability exists in versions of FCKeditor up to 2.6.7 that involves the print_textinputs_var function in the spellchecker.php script. This flaw allows remote attackers to craft input that can inject arbitrary web scripts or HTML code through the textinputs array parameters, potentially compromising the security of the impacted web applications. Such vulnerabilities can lead to data theft, session hijacking, and other malicious actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2012/dsa-2522
vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/49606
third-party-advisoryx_refsource_SECUNIA
http://disse.cting.org/blog/2012/06/22/fckeditor-reflecte...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.