id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
9941	Security Vulnerability CKEditor	rstolz		"We are using Drupal 7 and our hosting provider has suspended our account and advised us that there is a vulnerability with CKEditor.  I have provided the information from our host below:

Here is how the hackers have exploited your account in the first place:

91.211.18.59 - - [22/Dec/2012:19:43:29 -0500] ""POST /index.php?q=ckeditor/xss HTTP/1.1"" 200 395 ""-"" ""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)""
91.211.18.59 - - [22/Dec/2012:19:45:24 -0500] ""POST /index.php?q=ckeditor/xss HTTP/1.1"" 200 426 ""-"" ""-""
91.211.18.59 - - [22/Dec/2012:19:45:25 -0500] ""GET /wtm3971n.php HTTP/1.1"" 200 271 ""-"" ""-""
91.211.18.59 - - [22/Dec/2012:19:52:33 -0500] ""POST /wtm3971n.php?cookies=1&showimg=1&truecss=1 HTTP/1.1"" 200 308 ""-"" ""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)""

It appears that the CKEditor script you are using is vulnerable and needs to be upgraded. You should upgrade your main web software as well as any other third party script you are using on your account."	Bug	new	Normal		General				
