Debian Security Advisory
DSA-2522-1 fckeditor -- cross site scripting
- Date Reported:
- 05 Aug 2012
- Affected Packages:
- fckeditor
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 683418.
In Mitre's CVE dictionary: CVE-2012-4000. - More information:
-
Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular HTML/DHTML editor for the web.
For the stable distribution (squeeze), this problem has been fixed in version 1:2.6.6-1squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 1:2.6.6-3.
For the unstable distribution (sid), this problem has been fixed in version 1:2.6.6-3.
We recommend that you upgrade your fckeditor packages.