Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1039
Last Modified: 03 Aug 2012 12:00:00
Published: 19 Mar 2012 03:55:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1039

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.

Vulnerable Systems

Application

  • Dotclear 1.2.1

  • Dotclear 1.2.2

  • Dotclear 1.2.3

  • Dotclear 1.2.4

  • Dotclear 1.2.5

  • Dotclear 1.2.6

  • Dotclear 1.2.7

  • Dotclear 1.2.8

  • Dotclear 2.0

  • Dotclear 2.0.1

  • Dotclear 2.0.2

  • Dotclear 2.1

  • Dotclear 2.1.1

  • Dotclear 2.1.3

  • Dotclear 2.1.4

  • Dotclear 2.1.5

  • Dotclear 2.1.6

  • Dotclear 2.1.7

  • Dotclear 2.2

  • Dotclear 2.2.1

  • Dotclear 2.2.2

  • Dotclear 2.2.3

  • Dotclear 2.3.0

  • Dotclear 2.3.1

  • Dotclear 2.4.2


References

MISC - https://www.htbridge.ch/advisory/HTB23074

CONFIRM - http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2


Last Updated: 27 May 2016 10:49:34