Security Information / 2012 / Security Information -- DSA-2522-1 fckeditor

Debian Security Advisory

DSA-2522-1 fckeditor -- cross site scripting

Date Reported:

05 Aug 2012

Affected Packages:

fckeditor

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 683418.
In Mitre's CVE dictionary: CVE-2012-4000.

More information:

Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular HTML/DHTML editor for the web.

For the stable distribution (squeeze), this problem has been fixed in version 1:2.6.6-1squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 1:2.6.6-3.

For the unstable distribution (sid), this problem has been fixed in version 1:2.6.6-3.

We recommend that you upgrade your fckeditor packages.