CVE-2012-4000
Published 2012-07-12
CVE-2012-4000: Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in…
Priority P4 · 23 · medium 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 4.25% · 89.8th percentile
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
Affected
41 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ckeditor | fckeditor | <= 2.6.10 | — |
| ckeditor | fckeditor | <= 2.6.7 | — |
| ckeditor | fckeditor | — | — |
GHSA
CVE-2014-4037 [MEDIUM] CWE-79 GHSA-f5vp-j99x-4jc3: Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker
ghsa_unreviewed · 2022-05-17 · CVSS 4.3
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000.
GHSA
CVE-2012-4000 [MEDIUM] CWE-79 GHSA-8c32-34gf-q623: Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellcheck
ghsa_unreviewed · 2022-05-17
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/
http://secunia.com/advisories/49606
http://www.debian.org/security/2012/dsa-2522
http://www.securityfocus.com/bid/54188
https://exchange.xforce.ibmcloud.com/vulnerabilities/76604