CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4037
https://notcve.org/view.php?id=CVE-2014-4037
11 Jun 2014 — Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000. Vulnerabilidad de XSS en editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor anterior a 2.6.11 y anteriores permite a atacantes remotos inyectar secuencias de comandos... • http://ckeditor.com/blog/FCKeditor-2.6.11-Released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 4%CPEs: 53EXPL: 3CVE-2012-4000 – FCKEditor Core - 'Editor 'spellchecker.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4000
12 Jul 2012 — Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función print_textinputs_var en editor editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor v2.6.7 y anteriores permi... • https://www.exploit-db.com/exploits/37457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •