This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web server hosts a PHP script that is affected by a cross-
site scripting vulnerability.
The version of CKEditor installed on the remote host is affected by
a cross-site scripting vulnerability because it fails to properly
sanitize user-supplied input to the 'sample_posteddata.php' script. An
unauthenticated, remote attacker may be able to leverage this to inject
arbitrary HTML and script code into a user's browser to be executed
within the security context of the affected site.
Note that this version is reportedly also affected by a cross-site
request forgery (CSRF) vulnerability as well as a path disclosure issue.
However, Nessus did not test for these additional issues.
Upgrade to version 22.214.171.124 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 65720
Bugtraq ID: 58045