Summary
CKEditor is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, resulting in loss of confidentiality.
Impact Level: Application
Solution
Update to CKEditor Version 4.0.1.1 or later.
For updates refer to http://ckeditor.com/download
Insight
Input passed via POST parameters to /ckeditor/samples/sample_posteddata.php is not properly sanitized before being returned to the user.
Affected
CKEditor Version 4.0.1
References
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache ActiveMQ Multiple Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability