CVE-2012-4000

FCKeditor < 2.6.7 - Cross-Site Scripting via textinputs Array Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4000. PoCs published by Emilio Pinna.

AI-analyzed exploit summary This is a proof-of-concept for a cross-site scripting (XSS) vulnerability in FCKEditor. It demonstrates how an attacker can inject arbitrary JavaScript code into a vulnerable FCKEditor instance by submitting a maliciously crafted form.

Description

Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Emilio Pinna · htmlwebappsphp

https://www.exploit-db.com/exploits/37457

View Code ZIP pw:eip

This is a proof-of-concept for a cross-site scripting (XSS) vulnerability in FCKEditor. It demonstrates how an attacker can inject arbitrary JavaScript code into a vulnerable FCKEditor instance by submitting a maliciously crafted form.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FCKEditor 2.6.7 (and prior versions)

No auth needed

Prerequisites: A vulnerable FCKEditor instance accessible to the attacker

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2522

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49606

Exploit x_refsource_misc

http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/76604

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/54188

Scores

EPSS 0.0425

EPSS Percentile 89.8%

Details

CWE

CWE-79

Status published

Products (37)

ckeditor/fckeditor 0.8 beta

ckeditor/fckeditor 0.8.5 beta

ckeditor/fckeditor 0.9.0 beta

ckeditor/fckeditor 0.9.1 beta

ckeditor/fckeditor 0.9.2 beta

ckeditor/fckeditor 0.9.3 beta

ckeditor/fckeditor 0.9.4 beta

ckeditor/fckeditor 0.9.5 beta

ckeditor/fckeditor 1.0 (3 CPE variants)

ckeditor/fckeditor 1.1

... and 27 more

Published Jul 12, 2012

Tracked Since Feb 18, 2026