CVE-2009-2324
Published: 5 July 2009
Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
Notes
| Author | Note |
|---|---|
| jdstrand | moin in Ubuntu 6.06 LTS and 8.04 LTS is not affected because it removes the _samples files as part of 'binary-fixup' target. On Ubuntu 8.10, they are shipped in /usr/share/doc |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
fckeditor Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Released
(1:2.6.2-1lenny1build0.8.10.1)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Not vulnerable
|
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Released
(2.6.4.1)
|
|
|
moin Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not shipped)
|
| hardy |
Not vulnerable
(code not shipped)
|
|
| intrepid |
Ignored
(end of life)
|
|
| jaunty |
Not vulnerable
(system fckeditor)
|
|
| karmic |
Not vulnerable
(system fckeditor)
|
|
| lucid |
Not vulnerable
(system fckeditor)
|
|
| maverick |
Not vulnerable
(system fckeditor)
|
|
| natty |
Not vulnerable
(system fckeditor)
|
|
| oneiric |
Not vulnerable
(system fckeditor)
|
|
| upstream |
Needs triage
|