CVE-2012-4000

Name of the Vulnerable Software and Affected Versions FCKeditor versions 2.6.7 and earlier

Description A cross-site scripting (XSS) issue exists in the print textinputs var function, allowing remote attackers to inject arbitrary web script or HTML via textinputs array parameters. Multiple vulnerabilities in the FCKeditor package may lead to a breach of protected information integrity, and exploitation can be done remotely.

Recommendations For FCKeditor versions 2.6.7 and earlier, consider disabling the print textinputs var function in the spellchecker.php file as a temporary workaround until a patch is available. Restrict access to the spellchecker.php file to minimize the risk of exploitation. Avoid using the textinputs array parameters in the affected API endpoint until the issue is resolved.