CVE-2009-2324

Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.

Published: Jul 5, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2324
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
fckeditor / fckeditor	2.4	2.4.x
fckeditor / fckeditor	2.6.3-beta	2.6.3-beta.x
fckeditor / fckeditor	2.6.3	2.6.3.x
fckeditor / fckeditor	-	2.6.4.x
fckeditor / fckeditor	2.6	2.6.x
fckeditor / fckeditor	2.4.3	2.4.3.x
fckeditor / fckeditor	2.5	2.5.x
fckeditor / fckeditor	2.3-beta	2.3-beta.x
fckeditor / fckeditor	2.3.3	2.3.3.x
fckeditor / fckeditor	2.5-beta	2.5-beta.x
fckeditor / fckeditor	2.4.2	2.4.2.x
fckeditor / fckeditor	2.4.1	2.4.1.x
fckeditor / fckeditor	2.1	2.1.x
fckeditor / fckeditor	2.0rc3	2.0rc3.x
fckeditor / fckeditor	2.0_fc	2.0_fc.x
fckeditor / fckeditor	2.6.2	2.6.2.x
fckeditor / fckeditor	2.3.1	2.3.1.x
fckeditor / fckeditor	2.0	2.0.x
fckeditor / fckeditor	2.2	2.2.x
fckeditor / fckeditor	2.5.1	2.5.1.x
fckeditor / fckeditor	2.0rc2	2.0rc2.x
fckeditor / fckeditor	2.0_rc2	2.0_rc2.x
fckeditor / fckeditor	2.1.1	2.1.1.x
fckeditor / fckeditor	2.3	2.3.x
fckeditor / fckeditor	2.6.1	2.6.1.x
fckeditor / fckeditor	2.6.4-beta	2.6.4-beta.x
fckeditor / fckeditor	2.3.2	2.3.2.x

Vulnerability Database

289,784

CVE-2009-2324