1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
Candidate: CVE-2014-4037
PublicDate: 2014-06-11
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4037
http://packetstormsecurity.com/files/126902/FCKeditor-2.6.10-Cross-Site-Scripting.html
http://ckeditor.com/blog/FCKeditor-2.6.11-Released
Description:
Cross-site scripting (XSS) vulnerability in
editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
in FCKeditor before 2.6.11 and earlier allows remote attackers to inject
arbitrary web script or HTML via an array key in the textinputs[]
parameter, a different issue than CVE-2012-4000.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Robin Bailey
Assigned-to:
Patches_fckeditor:
upstream_fckeditor: released (2.6.11)
lucid_fckeditor: ignored (reached end-of-life)
precise_fckeditor: ignored (reached end-of-life)
precise/esm_fckeditor: DNE (precise was needed)
saucy_fckeditor: ignored (reached end-of-life)
trusty_fckeditor: needed
utopic_fckeditor: ignored (reached end-of-life)
vivid_fckeditor: ignored (reached end-of-life)
vivid/stable-phone-overlay_fckeditor: DNE
vivid/ubuntu-core_fckeditor: DNE
wily_fckeditor: DNE
xenial_fckeditor: DNE
yakkety_fckeditor: DNE
zesty_fckeditor: DNE
devel_fckeditor: DNE
|