|
|
CVE Reference: CVE-2007-1989 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1989 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/33616 http://xforce.iss.net/xforce/xfdb/33615 SAID Secunia Advisory: SA24829 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html CONFIRM http://www.dotclear.net/forum/viewtopic.php?id=26573 http://www.dotclear.net/log/post/2007/04/10/Dotclear-126 BID 23411 |
|
| Return to the previous page. |
