Vulnerability Name:

CVE-2012-4000 (CCN-76604)

Assigned: 2012-06-22
Published: 2012-06-22
Updated: 2017-08-29
Summary: Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2012-4000

Source: CCN
Type: Dissecting
FCKEditor reflected XSS vulnerability

Source: MISC
Type: Exploit
http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/

Source: CCN
Type: SA49606
FCKeditor "print_textinputs_var()" Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
49606

Source: DEBIAN
Type: UNKNOWN
DSA-2522

Source: DEBIAN
Type: DSA-2522
fckeditor -- cross site scripting

Source: CCN
Type: FCKEditor Web Site
FCKEditor

Source: CCN
Type: OSVDB ID: 83278
FCKeditor editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php textinputs Parameter XSS

Source: BID
Type: Exploit
54188

Source: CCN
Type: BID-54188
FCKEditor 'spellchecker.php' Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
fckeditor-spellchecker-xss(76604)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:ckeditor:fckeditor:0.8:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:0.8.5:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:0.9.0:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:0.9.1:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:0.9.2:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:0.9.3:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:0.9.4:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:0.9.5:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.0:fc:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.0:fc:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.3:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.5:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6:rc:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6.3:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6.4:beta:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ckeditor:fckeditor:*:*:*:*:*:*:*:* (Version <= 2.6.7)

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:18503 | P | DSA-2522-1 fckeditor - cross site scripting | 2014-06-23
oval:com.ubuntu.precise:def:20124000000 | V | CVE-2012-4000 on Ubuntu 12.04 LTS (precise) - medium. | 2012-07-12
    ckeditor fckeditor 0.8 beta
    ckeditor fckeditor 0.8.5 beta
    ckeditor fckeditor 0.9.0 beta
    ckeditor fckeditor 0.9.1 beta
    ckeditor fckeditor 0.9.2 beta
    ckeditor fckeditor 0.9.3 beta
    ckeditor fckeditor 0.9.4 beta
    ckeditor fckeditor 0.9.5 beta
    ckeditor fckeditor 1.0
    ckeditor fckeditor 1.0 fc
    ckeditor fckeditor 1.0 rc1
    ckeditor fckeditor 1.1
    ckeditor fckeditor 1.2
    ckeditor fckeditor 1.2.2
    ckeditor fckeditor 1.2.4
    ckeditor fckeditor 1.3
    ckeditor fckeditor 1.3.1
    ckeditor fckeditor 1.4
    ckeditor fckeditor 1.5
    ckeditor fckeditor 1.6
    ckeditor fckeditor 2.0
    ckeditor fckeditor 2.0 beta1
    ckeditor fckeditor 2.0 beta2
    ckeditor fckeditor 2.0 fc
    ckeditor fckeditor 2.0 rc1
    ckeditor fckeditor 2.0 rc2
    ckeditor fckeditor 2.0 rc3
    ckeditor fckeditor 2.1
    ckeditor fckeditor 2.1.1
    ckeditor fckeditor 2.2
    ckeditor fckeditor 2.3
    ckeditor fckeditor 2.3 beta
    ckeditor fckeditor 2.3.1
    ckeditor fckeditor 2.3.2
    ckeditor fckeditor 2.3.3
    ckeditor fckeditor 2.4
    ckeditor fckeditor 2.4.1
    ckeditor fckeditor 2.4.2
    ckeditor fckeditor 2.4.3
    ckeditor fckeditor 2.5
    ckeditor fckeditor 2.5 beta
    ckeditor fckeditor 2.5.1
    ckeditor fckeditor 2.6 beta
    ckeditor fckeditor 2.6 rc
    ckeditor fckeditor 2.6.1
    ckeditor fckeditor 2.6.2
    ckeditor fckeditor 2.6.3
    ckeditor fckeditor 2.6.3 beta
    ckeditor fckeditor 2.6.4
    ckeditor fckeditor 2.6.4 beta
    ckeditor fckeditor 2.6.4.1
    ckeditor fckeditor 2.6.5
    ckeditor fckeditor *