CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4037
https://notcve.org/view.php?id=CVE-2014-4037
11 Jun 2014 — Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000. Vulnerabilidad de XSS en editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor anterior a 2.6.11 y anteriores permite a atacantes remotos inyectar secuencias de comandos... • http://ckeditor.com/blog/FCKeditor-2.6.11-Released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 56EXPL: 0CVE-2012-2066
https://notcve.org/view.php?id=CVE-2012-2066
05 Sep 2012 — Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de código en sitios cruzados (XSS) en el módulo FCKeditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v77.x-1.x anterior a v7.x-1.7 para Drupal permite a us... • http://drupal.org/node/1482442 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 56EXPL: 0CVE-2012-2067
https://notcve.org/view.php?id=CVE-2012-2067
05 Sep 2012 — Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en el módulo CKEditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior ... • http://drupal.org/node/1482442 •
CVSS: 6.1EPSS: 4%CPEs: 53EXPL: 3CVE-2012-4000 – FCKEditor Core - 'Editor 'spellchecker.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4000
12 Jul 2012 — Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función print_textinputs_var en editor editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor v2.6.7 y anteriores permi... • https://www.exploit-db.com/exploits/37457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •