< Back to JetLib.com

jetlib.sec » Bugtraq » Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS

« Expand/Collapse

Bugtraq

January 18, 2012
Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS

Posted: January 18th, 2012, 1:45pm PST

Tags:

Posted by InterN0T Advisories on Jan 18
# Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
# Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org"
# Google Results: Approximately 379.000 results
# Date: 18th January 2012
# Author: MaXe @InterN0T (Found in a private Hatforce.com Penetration
Test)
# Software Link: http://ckeditor.com/ & http://drupal.org/node/1332022
# Version: 3.0 - Current 3.6.2 (Drupal module: 6.x-1.8)
#...

← Cisco Security Advisory: Cisco IP Vid... Xpra memory disclosure →