|
|
CVE Reference: CVE-2007-3930 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-3930 |
|
|
Description: Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/35501 SREASON http://securityreason.com/securityalert/2908 SAID Secunia Advisory: SA26150 OSVDB 38319 MISC http://bugs.splitbrain.org/index.php?do=details&task_id=1195 CONFIRM http://wiki.splitbrain.org/wiki%3Achanges BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/474144/100/0/threaded BID 24973 |
|
| Return to the previous page. |
