CKEditor Multiple Vulnerabilities Network Vulnerability

Summary

This host is installed with CKEditor and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site and results in loss of confidentiality. Impact Level: Application

Solution

Update to CKEditor Version 4.0.1.1 or later For updates refer to http://ckeditor.com/download

Insight

Input passed via POST parameters to /ckeditor/samples/sample_posteddata.php is not properly sanitized before being returned to the user.

Affected

CKEditor Version 4.0.1

References

http://ckeditor.com/release/CKEditor-4.0.1.1
http://osvdb.org/90373
http://packetstormsecurity.com/files/120387
http://www.exploit-db.com/exploits/24530

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

An Image Gallery Directory Traversal Vulnerability
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
/cgi-bin directory browsable ?

Take action and discover your vulnerabilities