Description

Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2007-1989

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5304)

Django Uncontrolled Resource Consumption Vulnerability (CVE-2019-14233)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10268)

Oracle Database Server CVE-2011-2248 Vulnerability (CVE-2011-2248)

WordPress Plugin Salon Booking System Cross-Site Scripting (6.3)

Severity

Medium

Classification

CVE-2007-1989

Tags

Missing Update Known Vulnerabilities