CVE-2007-1989 - Cross-Site Scripting vulnerability in DotClear

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, dotclear, exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.

Exploit-Db

  • description: DotClear 1.2.x /ecrire/trackback.php post_id Parameter XSS. CVE-2007-1989. Webapps exploit for php platform
    id: EDB-ID:29838
    last seen: 2016-02-03
    modified: 2007-04-11
    published: 2007-04-11
    reporter: nassim
    source: https://www.exploit-db.com/download/29838/
    title: DotClear 1.2.x /ecrire/trackback.php post_id Parameter XSS
  • description: DotClear 1.2.x /tools/thememng/index.php tool_url Parameter XSS. CVE-2007-1989. Webapps exploit for php platform
    id: EDB-ID:29839
    last seen: 2016-02-03
    modified: 2007-04-11
    published: 2007-04-11
    reporter: nassim
    source: https://www.exploit-db.com/download/29839/
    title: DotClear 1.2.x /tools/thememng/index.php tool_url Parameter XSS