CVE-2012-4000

Fckeditor < 2.6.7 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Emilio Pinna · htmlwebappsphp

https://www.exploit-db.com/exploits/37457

View Code ZIP pw:eip

References (5)

[Exploit] http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/

[Vendor Advisory] http://secunia.com/advisories/49606

[Exploit] http://www.securityfocus.com/bid/54188

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76604

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2522

Scores

EPSS 0.0276

EPSS Percentile 85.8%

Classification

CWE

CWE-79

Status published

Affected Products (50)

ckeditor/fckeditor < 2.6.7

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

ckeditor/fckeditor

... and 35 more

Timeline

Published Jul 12, 2012

Tracked Since Feb 18, 2026