Lucene search

[email protected]CVE-2012-4000

HistoryJul 12, 2012 - 9:55 p.m.

CVE-2012-4000

2012-07-1221:55:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-4000

cross-site scripting

xss

fckeditor

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.

Affected configurations

NVD

Node

ckeditorfckeditorRange≤2.6.7

ckeditorfckeditorMatch0.8beta

ckeditorfckeditorMatch0.8.5beta

ckeditorfckeditorMatch0.9.0beta

ckeditorfckeditorMatch0.9.1beta

ckeditorfckeditorMatch0.9.2beta

ckeditorfckeditorMatch0.9.3beta

ckeditorfckeditorMatch0.9.4beta

ckeditorfckeditorMatch0.9.5beta

ckeditorfckeditorMatch1.0

ckeditorfckeditorMatch1.0fc

ckeditorfckeditorMatch1.0rc1

ckeditorfckeditorMatch1.1

ckeditorfckeditorMatch1.2

ckeditorfckeditorMatch1.2.2

ckeditorfckeditorMatch1.2.4

ckeditorfckeditorMatch1.3

ckeditorfckeditorMatch1.3.1

ckeditorfckeditorMatch1.4

ckeditorfckeditorMatch1.5

ckeditorfckeditorMatch1.6

ckeditorfckeditorMatch2.0

ckeditorfckeditorMatch2.0beta1

ckeditorfckeditorMatch2.0beta2

ckeditorfckeditorMatch2.0fc

ckeditorfckeditorMatch2.0rc1

ckeditorfckeditorMatch2.0rc2

ckeditorfckeditorMatch2.0rc3

ckeditorfckeditorMatch2.1

ckeditorfckeditorMatch2.1.1

ckeditorfckeditorMatch2.2

ckeditorfckeditorMatch2.3

ckeditorfckeditorMatch2.3beta

ckeditorfckeditorMatch2.3.1

ckeditorfckeditorMatch2.3.2

ckeditorfckeditorMatch2.3.3

ckeditorfckeditorMatch2.4

ckeditorfckeditorMatch2.4.1

ckeditorfckeditorMatch2.4.2

ckeditorfckeditorMatch2.4.3

ckeditorfckeditorMatch2.5

ckeditorfckeditorMatch2.5beta

ckeditorfckeditorMatch2.5.1

ckeditorfckeditorMatch2.6beta

ckeditorfckeditorMatch2.6rc

ckeditorfckeditorMatch2.6.1

ckeditorfckeditorMatch2.6.2

ckeditorfckeditorMatch2.6.3

ckeditorfckeditorMatch2.6.3beta

ckeditorfckeditorMatch2.6.4

ckeditorfckeditorMatch2.6.4beta

ckeditorfckeditorMatch2.6.4.1

ckeditorfckeditorMatch2.6.5

CPENameOperatorVersion
ckeditor:fckeditorckeditor fckeditorle2.6.7
ckeditor:fckeditorckeditor fckeditoreq0.8
ckeditor:fckeditorckeditor fckeditoreq0.8.5
ckeditor:fckeditorckeditor fckeditoreq0.9.0
ckeditor:fckeditorckeditor fckeditoreq0.9.1
ckeditor:fckeditorckeditor fckeditoreq0.9.2
ckeditor:fckeditorckeditor fckeditoreq0.9.3
ckeditor:fckeditorckeditor fckeditoreq0.9.4
ckeditor:fckeditorckeditor fckeditoreq0.9.5
ckeditor:fckeditorckeditor fckeditoreq1.0

CPE	Name	Operator	Version
ckeditor:fckeditor	ckeditor fckeditor	le	2.6.7
ckeditor:fckeditor	ckeditor fckeditor	eq	0.8
ckeditor:fckeditor	ckeditor fckeditor	eq	0.8.5
ckeditor:fckeditor	ckeditor fckeditor	eq	0.9.0
ckeditor:fckeditor	ckeditor fckeditor	eq	0.9.1
ckeditor:fckeditor	ckeditor fckeditor	eq	0.9.2
ckeditor:fckeditor	ckeditor fckeditor	eq	0.9.3
ckeditor:fckeditor	ckeditor fckeditor	eq	0.9.4
ckeditor:fckeditor	ckeditor fckeditor	eq	0.9.5
ckeditor:fckeditor	ckeditor fckeditor	eq	1.0