DotClear Multiple Cross-Site Scripting Vulnerabilities
BID:23411
Info
DotClear Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 23411 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2007 12:00AM |
| Updated: | Apr 11 2007 11:11PM |
| Credit: | nassim is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Dotclear Dotclear 1.2.5 Dotclear Dotclear 1.2.4 Dotclear Dotclear 1.2.3 Dotclear Dotclear 1.2.2 Dotclear Dotclear 1.2.1 |
| Not Vulnerable: |
Dotclear Dotclear 1.2.6 |
Discussion
DotClear Multiple Cross-Site Scripting Vulnerabilities
DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to 1.2.6 are vulnerable.
DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to 1.2.6 are vulnerable.
Exploit / POC
DotClear Multiple Cross-Site Scripting Vulnerabilities
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available:
http://www.example.com/dotclear/ecrire/trackback.php?post_id=[XSS]
http://www.example.com/tools/thememng/index.php?tool_url=[XSS]
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available:
http://www.example.com/dotclear/ecrire/trackback.php?post_id=[XSS]
http://www.example.com/tools/thememng/index.php?tool_url=[XSS]
Solution / Fix
DotClear Multiple Cross-Site Scripting Vulnerabilities
Solution:
The vendor has released version 1.2.6 to address these issues. Please see the references for more information.
Dotclear Dotclear 1.2.1
Dotclear Dotclear 1.2.2
Dotclear Dotclear 1.2.3
Dotclear Dotclear 1.2.4
Dotclear Dotclear 1.2.5
Solution:
The vendor has released version 1.2.6 to address these issues. Please see the references for more information.
Dotclear Dotclear 1.2.1
-
Dotclear latest-1.2.tar.gz
http://download.dotclear.net/latest-1.2.tar.gz
Dotclear Dotclear 1.2.2
-
Dotclear latest-1.2.tar.gz
http://download.dotclear.net/latest-1.2.tar.gz
Dotclear Dotclear 1.2.3
-
Dotclear latest-1.2.tar.gz
http://download.dotclear.net/latest-1.2.tar.gz
Dotclear Dotclear 1.2.4
-
Dotclear latest-1.2.tar.gz
http://download.dotclear.net/latest-1.2.tar.gz
Dotclear Dotclear 1.2.5
-
Dotclear latest-1.2.tar.gz
http://download.dotclear.net/latest-1.2.tar.gz