Published: 26/09/2014 Updated: 16/09/2015

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Asp.net Ajax Radeditor Control

Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote malicious users to inject arbitrary web script or HTML via CSS expressions in style attributes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
telerik asp.net ajax radeditor control 2009.3.1208.20
telerik asp.net ajax radeditor control

Researcher details nasty XSS flaw in popular web editor

The Register • Darren Pauli • 01 Oct 2014

First denial, then anger, then DDoS, then patching.

A tool that's popular with Microsoft's in-house developers, the RadEditor HTML editor, contains a dangerous cross-site scripting (XSS) vulnerability, researcher GS McNamara says. The editor was developed by Telerik and used in trusted in-house code in many big enterprises and across Redmond products including MSDN, CodePlex, TechNet, MCMS and as an alternative for SharePoint. McNamara of CGI Federal said the flaw (CVE-2014-4958) was dangerous leading to typical XSS impacts including potential th...

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-4958

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect