CVE-2014-4037
https://notcve.org/view.php?id=CVE-2014-4037
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000. Vulnerabilidad de XSS en editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor anterior a 2.6.11 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una clave de array en el parámetro textinputs[], un problema diferente a CVE-2012-4000. • http://ckeditor.com/blog/FCKeditor-2.6.11-Released http://packetstormsecurity.com/files/126902/FCKeditor-2.6.10-Cross-Site-Scripting.html http://www.securitytracker.com/id/1030413 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4000 – FCKEditor Core - 'Editor 'spellchecker.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4000
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función print_textinputs_var en editor editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor v2.6.7 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros de matriz de 'textinputs'. • https://www.exploit-db.com/exploits/37457 http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability http://secunia.com/advisories/49606 http://www.debian.org/security/2012/dsa-2522 http://www.securityfocus.com/bid/54188 https://exchange.xforce.ibmcloud.com/vulnerabilities/76604 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •