CKEditor sample_posteddata.php XSS

medium Nessus Plugin ID 65720

Synopsis

The remote web server hosts a PHP script that is affected by a cross- site scripting vulnerability.

Description

The version of the CKEditor installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'sample_posteddata.php' script. An unauthenticated, remote attacker may be able to leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

Note that this version is reportedly also affected by a cross-site request forgery (CSRF) vulnerability as well as a path disclosure issue. However, Nessus did not test for these additional issues.

Solution

Upgrade to version 4.0.1.1 or later.

See Also

http://www.nessus.org/u?043899a3

https://ckeditor.com/blog/CKEditor-4.0.1.1-Released/

Plugin Details

Severity: Medium

ID: 65720

File Name: ckeditor_sample_posteddata_xss.nasl

Version: 1.8

Type: remote

Published: 3/28/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:ckeditor:ckeditor

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 2/20/2013

Vulnerability Publication Date: 2/19/2013

Reference Information

BID: 58045

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990