Description

Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.

Remediation

References

CVE-2007-3672

Related Vulnerabilities

OpenSSL Out-of-bounds Read Vulnerability (CVE-2016-6306)

WordPress Plugin cformsII Arbitrary File Upload (14.7)

WordPress Plugin IMDb Profile Widget Local File Inclusion (1.0.8)

Oracle Database Server CVE-2007-2117 Vulnerability (CVE-2007-2117)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.68)

Severity

Medium

Classification

CVE-2007-3672

Tags

Missing Update Known Vulnerabilities