CVE-2012-4000

Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/	Exploit
http://secunia.com/advisories/49606	Vendor Advisory
http://www.debian.org/security/2012/dsa-2522
http://www.securityfocus.com/bid/54188	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/76604
http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/	Exploit
http://secunia.com/advisories/49606	Vendor Advisory
http://www.debian.org/security/2012/dsa-2522
http://www.securityfocus.com/bid/54188	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/76604

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ckeditor:fckeditor::::::::
	cpe:2.3:a:ckeditor:fckeditor:0.8:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:0.8.5:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:0.9.0:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:0.9.1:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:0.9.2:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:0.9.3:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:0.9.4:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:0.9.5:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:1.0:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.0:fc::::::
	cpe:2.3:a:ckeditor:fckeditor:1.0:rc1::::::
	cpe:2.3:a:ckeditor:fckeditor:1.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.2:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.2.2:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.2.4:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.3:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.3.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.4:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.5:::::::*
	cpe:2.3:a:ckeditor:fckeditor:1.6:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.0:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.0:beta1::::::
	cpe:2.3:a:ckeditor:fckeditor:2.0:beta2::::::
	cpe:2.3:a:ckeditor:fckeditor:2.0:fc::::::
	cpe:2.3:a:ckeditor:fckeditor:2.0:rc1::::::
	cpe:2.3:a:ckeditor:fckeditor:2.0:rc2::::::
	cpe:2.3:a:ckeditor:fckeditor:2.0:rc3::::::
	cpe:2.3:a:ckeditor:fckeditor:2.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.1.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.2:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.3:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.3:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:2.3.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.3.2:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.3.3:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.4:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.4.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.4.2:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.4.3:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.5:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.5:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:2.5.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.6:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:2.6:rc::::::
	cpe:2.3:a:ckeditor:fckeditor:2.6.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.6.2:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.6.3:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.6.3:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:2.6.4:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.6.4:beta::::::
	cpe:2.3:a:ckeditor:fckeditor:2.6.4.1:::::::*
	cpe:2.3:a:ckeditor:fckeditor:2.6.5:::::::*

History

21 Nov 2024, 01:42

Type	Values Removed	Values Added
References	~~() http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/ - Exploit~~	() http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/ - Exploit
References	~~() http://secunia.com/advisories/49606 - Vendor Advisory~~	() http://secunia.com/advisories/49606 - Vendor Advisory
References	~~() http://www.debian.org/security/2012/dsa-2522 -~~	() http://www.debian.org/security/2012/dsa-2522 -
References	~~() http://www.securityfocus.com/bid/54188 - Exploit~~	() http://www.securityfocus.com/bid/54188 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/76604 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/76604 -

Information

Published : 2012-07-12 21:55

Updated : 2024-11-21 01:42

NVD link : CVE-2012-4000

Mitre link : CVE-2012-4000

CVE.ORG link : CVE-2012-4000

JSON object : View

Products Affected

ckeditor

fckeditor

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2012-4000", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-07-12T21:55:08.733", "references": [{"url": "http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/49606", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2012/dsa-2522", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/54188", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76604", "source": "cve@mitre.org"}, {"url": "http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/49606", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2012/dsa-2522", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/54188", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76604", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la funci\u00f3n print_textinputs_var en editor editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor v2.6.7 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros de matriz de 'textinputs'."}], "lastModified": "2024-11-21T01:42:00.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ckeditor:fckeditor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7364428-E5A3-4FAF-BAA8-720B7CA98862", "versionEndIncluding": "2.6.7"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:0.8:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277B33F5-20D5-4283-AFA9-1E038985512C"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:0.8.5:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B9F9F4D-9C5E-466B-A15C-84971F620FB7"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:0.9.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D451751-C98E-4FB3-9428-2A1E74B58F52"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:0.9.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E66C94E4-D31C-476B-86B1-8AA0B2116518"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:0.9.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DF5ED2E-7D49-4580-87BE-C1201987FE55"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:0.9.3:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0011FB3B-C801-4D40-86C0-D3712031AC3F"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:0.9.4:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84F76C02-C06F-4EBA-8DB7-90280E357015"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:0.9.5:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11FE2A01-6A0E-4967-AF83-00AFDE33EFB0"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F7817D2-B651-4724-8C85-D0989D2A1DB5"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.0:fc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94525AC0-851E-4550-BEEA-EFD8A555E800"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EFC9EB5-B495-47AE-8358-7C21E819594F"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A389652C-A46E-407A-96A4-728B6EAD7BFB"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "980F11BC-9720-44EA-AFB3-623A436DF5DF"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "168AA87E-CD68-4FAF-B26A-0E56E48BAE38"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C21C747-9F81-4057-A59C-55CFCF209536"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE671A78-09B2-4B58-824E-214AD8F4796A"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68DED905-22B3-4A76-8331-8509C7781700"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31F86D77-7714-45E7-9EAC-942A2AC4D3A7"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A29926A0-0138-4D40-B7FD-5ED6E2B1BA27"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4238610-DE29-405C-A614-1F6C402BC70A"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3040AB03-60F5-4C18-A071-E64803ED26CF"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30992DBF-6FEF-4C1B-8CE3-9F8492A4BC26"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15363B8B-E3A4-443C-84AF-3ADF2FB655AD"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.0:fc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FDC7944-2339-4F15-80C2-0ED90A3F1F7F"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C6E6CE-977B-464C-A70C-6A9177DE2D14"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "365D6F25-113F-41A0-8157-60495B2276D7"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AAB564B-CF86-44CC-974C-7E8E866E8AB5"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F06B30-F9A4-4E71-A291-D14727327DF8"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "133BDDB1-195E-400E-BE9A-CA4AA0FFB082"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4198558-251F-40AE-821F-FB3898332C63"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FFCA3BD-76D9-4575-BACD-A283E34CA272"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.3:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD9D022D-2189-4795-8E71-2E2ABF274164"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70DA0A51-0103-4AEB-ABB0-7393493D8A9D"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9ED0FDF-1A91-4795-A014-63D4CB6E2E4D"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9448C610-E5CA-4927-998F-32226F2C19B8"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDC69D28-012B-42CB-BEB8-550DDF85A2BB"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19FCA9F-6828-4509-B78D-52D1A3EC9440"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FF21B93-6A59-4F7F-9AE9-356D4C258AAF"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2BB98AD-765C-4D42-8990-6E8ADC773861"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A991700C-AD1A-498A-BBE0-E8CD2CDBFDBF"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.5:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A59FEFB1-4FA2-4BAC-97C8-AAB881E43154"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4957D7EA-A663-418F-8250-DF622367C904"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29C04289-6B88-4E0B-9762-374C3CB5A1A0"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17E5D2BE-77AF-4707-8ADE-0393FECE6D47"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5443099-B3B8-4CC6-866F-F92CBD2376F5"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B314BD80-F378-4BE7-BDFC-4A2074D0DCA7"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C362C46-60CD-4B01-809D-5CE896F075E1"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6.3:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3FBF20E-4390-44EF-8C67-B442CE444CC0"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E12AFB2-3971-47C2-9C7F-CB9396CC3EF0"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6.4:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC7160EF-B834-41BD-87DD-F93EB461C0B3"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88472F5E-1CB2-40CD-9044-AFBE6401BDFE"}, {"criteria": "cpe:2.3:a:ckeditor:fckeditor:2.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9070B485-5154-4260-ADEB-C152FC6A7460"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10