Cross-Site Scripting Flaw in FCKeditor by CKSource
CVE-2014-4037

Currently unrated

Key Information:

Vendor

Ckeditor

Status
Fckeditor
Vendor
CVE Published:
11 June 2014

What is CVE-2014-4037?

The vulnerability in FCKeditor allows remote attackers to exploit a cross-site scripting flaw via the textinputs[] parameter in spellchecker.php. This issue permits attackers to inject malicious scripts or HTML into webpages when users view compromised content, posing a significant risk to web application integrity and user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id/1030413
vdb-entryx_refsource_SECTRACK
http://packetstormsecurity.com/files/126902/FCKeditor-2.6...
x_refsource_MISC
http://ckeditor.com/blog/FCKeditor-2.6.11-Released
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.