CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4037
https://notcve.org/view.php?id=CVE-2014-4037
11 Jun 2014 — Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000. Vulnerabilidad de XSS en editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor anterior a 2.6.11 y anteriores permite a atacantes remotos inyectar secuencias de comandos... • http://ckeditor.com/blog/FCKeditor-2.6.11-Released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 56EXPL: 0CVE-2012-2066
https://notcve.org/view.php?id=CVE-2012-2066
05 Sep 2012 — Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de código en sitios cruzados (XSS) en el módulo FCKeditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v77.x-1.x anterior a v7.x-1.7 para Drupal permite a us... • http://drupal.org/node/1482442 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 56EXPL: 0CVE-2012-2067
https://notcve.org/view.php?id=CVE-2012-2067
05 Sep 2012 — Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en el módulo CKEditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior ... • http://drupal.org/node/1482442 •
CVSS: 6.1EPSS: 4%CPEs: 53EXPL: 3CVE-2012-4000 – FCKEditor Core - 'Editor 'spellchecker.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4000
12 Jul 2012 — Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función print_textinputs_var en editor editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor v2.6.7 y anteriores permi... • https://www.exploit-db.com/exploits/37457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 92%CPEs: 27EXPL: 10CVE-2009-2265 – Adobe ColdFusion 8 - Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2009-2265
05 Jul 2009 — Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory. Múltiples vulnerabilidades de salto de directorio en FCKeditor anterior a v2.6.4.1, permiten a atacantes remotos crear ficheros ejecutables ... • https://packetstorm.news/files/id/163271 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2009-2324
https://notcve.org/view.php?id=CVE-2009-2324
05 Jul 2009 — Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory. Múltiples vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en FCKeditor anterior a v2.6.4.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML utilizando componentes en el directorio samples (también conocido como _samples). • http://www.ocert.org/advisories/ocert-2009-007.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 4CVE-2006-0658 – FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2006-0658
13 Feb 2006 — Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt. • https://www.exploit-db.com/exploits/1484 •