DotClear 1.2.x - ecrire/trackback.php?post_id Cross-Site Scripting

2007-04-11T00:00:00
ID EXPLOITPACK:D2C8B256AC3E23D54B360E3421E982B7
Type exploitpack
Reporter nassim
Modified 2007-04-11T00:00:00

Description

source: https://www.securityfocus.com/bid/23411/info

DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to 1.2.6 are vulnerable. 

http://www.example.com/dotclear/ecrire/trackback.php?post_id=[XSS]