CVE-2009-2324

Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
fckeditorfckeditor
𝑥
≤ 2.6.4
fckeditorfckeditor
2.0
fckeditorfckeditor
2.0_fc:_fc
fckeditorfckeditor
2.0_rc2:_rc2
fckeditorfckeditor
2.0rc2:rc2
fckeditorfckeditor
2.0rc3:rc3
fckeditorfckeditor
2.1
fckeditorfckeditor
2.1.1
fckeditorfckeditor
2.2
fckeditorfckeditor
2.3
fckeditorfckeditor
2.3:beta
fckeditorfckeditor
2.3.1
fckeditorfckeditor
2.3.2
fckeditorfckeditor
2.3.3
fckeditorfckeditor
2.4
fckeditorfckeditor
2.4.1
fckeditorfckeditor
2.4.2
fckeditorfckeditor
2.4.3
fckeditorfckeditor
2.5
fckeditorfckeditor
2.5:beta
fckeditorfckeditor
2.5.1
fckeditorfckeditor
2.6
fckeditorfckeditor
2.6.1
fckeditorfckeditor
2.6.2
fckeditorfckeditor
2.6.3
fckeditorfckeditor
2.6.3:beta
fckeditorfckeditor
2.6.4:beta
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fckeditor
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
ignored
intrepid
Fixed 1:2.6.2-1lenny1build0.8.10.1
released
hardy
ignored
dapper
dne
moin
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://www.ocert.org/advisories/ocert-2009-007.html
http://www.securityfocus.com/archive/1/504721/100/0/threaded
http://www.securitytracker.com/id?1022513
http://www.ocert.org/advisories/ocert-2009-007.html
http://www.securityfocus.com/archive/1/504721/100/0/threaded
http://www.securitytracker.com/id?1022513