CVE

CVE-2007-1989
Date: (C)2007-04-12   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html
BID-23411
SECUNIA-24829
ADV-2007-1338
dotclear-tools-xss(33616)
dotclear-trackback-xss(33615)
http://www.dotclear.net/forum/viewtopic.php?id=26573
http://www.dotclear.net/log/post/2007/04/10/Dotclear-126

CPE    1
cpe:/a:dotclear:dotclear

© SecPod Technologies