FCKeditor input sanitization errors
- Sunday, July 05 2009 @ 07:20 am EDT
- Contributed by: Dirk
- Views: 11,612
An advisory has been published, warning about "input sanitization errors" in all current versions of FCKeditor. Unfortunately, the advisory is a bit light on details and so it's not clear whether FCKeditor as packaged with Geeklog is affected or not. A patch for these issues is supposed to be released this coming Monday (July 6).
Here's what we know:
- The advisory mentions that "several" of the FCKeditor connector modules are affected and suggests removing all unused connectors. Geeklog only ships with one connector (for PHP), but it's not clear whether this connector is affected or not.
- There's a second issue regarding XSS in the FCKeditor samples. Geeklog does not include the samples, so we're not affected by this issue at least.