Published: 12/04/2007 Updated: 29/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in DotClear prior to 1.2.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dotclear dotclear

source: wwwsecurityfocuscom/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the at ...

source: wwwsecurityfocuscom/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the atta ...

NVD-CWE-Other http://www.dotclear.net/forum/viewtopic.php?id=26573 http://www.dotclear.net/log/post/2007/04/10/Dotclear-126 http://secunia.com/advisories/24829 http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html http://www.securityfocus.com/bid/23411 http://www.vupen.com/english/advisories/2007/1338 https://exchange.xforce.ibmcloud.com/vulnerabilities/33616 https://exchange.xforce.ibmcloud.com/vulnerabilities/33615 https://nvd.nist.gov https://www.exploit-db.com/exploits/29839/

CVE-2007-1989

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect