Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote     attackers to inject arbitrary web script or HTML via unspecified vectors. (CVE-2014-5191)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in 'Apache Commons HttpClient' that allows     a man-in-the-middle attacker to spoof SSL servers via a     certificate with a subject that specifies a common name     in a field that is not the CN field. (CVE-2012-6153)

  - A flaw exists in 'Apache HttpComponents' that allows a     man-in-the-middle attacker to spoof SSL servers via a     certificate with a subject that specifies a common name     in a field that is not the CN field. (CVE-2014-3577)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - A cross-site scripting vulnerability exists in the     'Preview' plugin in CKEditor, which allows a remote     attacker to inject arbitrary data via unspecified     vectors. (CVE-2014-5191)

  - A cross-site scripting vulnerability exists that allows     an attacker to inject arbitrary web script or HTML via a     specially crafted URL. (CVE-2014-6171)

  - A flaw exists when the Managed Pages setting is enabled     that allows a remote, authenticated attacker to write to     pages via an XML injection attack. (CVE-2014-6193)

  - A cross-site scripting vulnerability exists in the Blog     Portlet, which allows an attacker to inject arbitrary     data via a specially crafted URL. (CVE-2014-8902)

The version of IBM WebSphere Portal installed on the remote host is affected by a cross-site scripting vulnerability in the CKEditor component due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute scripts in a user's web browser within the security context of the hosting website. This allows an attacker to steal a user's cookie-based authentication credentials.

The version of IBM WebSphere Portal installed on the remote host is affected by the multiple vulnerabilities :

  - Multiple vulnerabilities exist in the Apache Cordova     component, including cross-application scripting,     security bypass, and information disclosure.
    (CVE-2014-3500, CVE-2014-3501, CVE-2014-3502)

  - An information disclosure flaw exists that allows     remote authenticated attackers to obtain credentials     by reading HTML source code. (CVE-2014-4761)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists that is caused by improper recursion     detection during entity expansion. By tricking a user     into opening a specially-crafted XML document, an     attacker can cause the system to crash, resulting in a     denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - A flaw exists in CKEditor in the Preview plugin that     allows a cross-site scripting attack. The flaw exists     due to 'plugins/preview/preview.html' not properly     validating user-supplied input before returning it to     users. This allows an attacker to send a specially     crafted request designed to steal cookie-based     authentication credentials. (CVE-2014-5191)

  - A cross-site request forgery vulnerability exists due     to improper validation of user-supplied input. By     tricking a user into visiting a malicious website, a     remote attacker can perform cross-site scripting     attacks, web cache poisoning, and other malicious     activities. (CVE-2014-6125)

  - A cross-site scripting vulnerability exists due to     improper validation of user-supplied input. A remote     attacker can execute code within a victim's web browser     within the context of the hosted site. This can lead to     the compromise of the user's cookie-based authentication     credentials. (CVE-2014-6126)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user input.
    (CVE-2014-4762)

The version of CKEditor installed on the remote host is affected by a cross-site scripting vulnerability.

The included 'Preview' plugin fails to properly sanitize user-supplied input. A remote, unauthenticated attacker can leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

ID	Name	Product	Family	Severity
254343	Linux Distros Unpatched Vulnerability : CVE-2014-5191	Nessus	Misc.	medium
82850	IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities	Nessus	CGI abuses	medium
78746	IBM WebSphere Portal CKEditor XSS (PI24992, PI26456)	Nessus	CGI abuses	medium
78742	IBM WebSphere Portal 8.5.0 < 8.5.0 CF03 Multiple Vulnerabilities	Nessus	CGI abuses	medium
76943	CKEditor Preview Plugin Unspecified XSS	Nessus	CGI abuses : XSS	medium

Detections

Analytics

CVE-2014-5191

medium

Tenable Plugins

medium

medium

medium

medium

medium