WEB APPLICATION VULNERABILITIES Standard & Premium

Dotclear Other Vulnerability (CVE-2007-1989)

Description

Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.

Remediation

References

Related Vulnerabilities

WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4422)

PostgreSQL Other Vulnerability (CVE-2002-0802)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (5.8.0)

PHP Other Vulnerability (CVE-2007-2511)

Severity

Medium

Classification

CVE-2007-1989

Tags

Missing Update Known Vulnerabilities