Description
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.