You can update your FCKeditor module (check: http://drupal.org/node/1482442).
Or,
you can use CKEditor instead of FCKeditor. See: http://drupal.org/project/ckeditor
I faced a similar security issue using CKEditor, and I followed the steps below.
Here is the process to update CKEditor and CKFinder:
- Update CKEditor version 6.x-1.13
- Download the latest CKFinder version, 2.3
- Unzip CKFinder into sites/all/module/contrib/ckeditor/ckfinder
- Open /all/module/contrib/ckeditor/ckfinder/config.php
Comment out the CheckAuthentication() function
![enter image description here](https://i.stack.imgur.com/ZlSqC.jpg)
Add the two lines below:
![enter image description here](https://i.stack.imgur.com/yPBHn.jpg)
$baseUrl may differ depending on the product.
- Open /contrib/ckeditor/ckfinder/config.js
Add the lines below:
![enter image description here](https://i.stack.imgur.com/xVbDb.jpg)
Note: I would like to request everyone to prepare a set of allowed and denied extensions.
![enter image description here](https://i.stack.imgur.com/5265p.jpg)
One additional issue: add cookie_domain in the sites/default/settings.php file.
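
For the note above about preparing allowed and denied extension sets, the following added example (not part of the original answer and not CKFinder or CKEditor module code) shows one way to evaluate a file name against both lists, including names that carry more than one extension. The function name and the sample lists are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added illustration, not CKFinder's or the CKEditor module's own code.
// The function name and both lists are hypothetical; build the real lists
// from the file types your site actually needs.

/**
 * Decide whether an uploaded file name passes an allow/deny extension policy.
 * Every dot-separated part after the base name is checked against the deny
 * list, so "report.php.jpg" is rejected even though it ends in ".jpg".
 */
function upload_name_allowed(string $name, array $allowed, array $denied): bool
{
    // Drop any path component a client may have sent along with the name.
    $name = basename(str_replace('\\', '/', $name));

    // Reject empty names, control characters (including NUL) and dotfiles
    // such as ".htaccess".
    if ($name === '' || $name[0] === '.' || preg_match('/[\x00-\x1f]/', $name)) {
        return false;
    }

    // Trailing dots and spaces are ignored by some file systems, so strip them.
    $parts = explode('.', strtolower(rtrim($name, '. ')));
    array_shift($parts);               // remove the base name
    if ($parts === []) {
        return false;                  // no extension at all
    }

    foreach ($parts as $ext) {
        if (in_array($ext, $denied, true)) {
            return false;              // denied extension anywhere in the name
        }
    }
    // The final extension must be explicitly allowed.
    return in_array(end($parts), $allowed, true);
}

// Constructed sample policy and file names.
$allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'doc', 'docx'];
$denied  = ['php', 'phtml', 'php5', 'phar', 'cgi', 'pl', 'asp', 'aspx',
            'htaccess', 'js', 'html', 'htm', 'svg'];

foreach (['photo.JPG', 'report.v2.pdf', 'report.php.jpg', 'shell.phtml', '.htaccess', 'README'] as $f) {
    printf("%-16s %s\n", $f, upload_name_allowed($f, $allowed, $denied) ? 'allow' : 'deny');
}
```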