Cross site scripting

2007-12-2821:46:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.

CPENameOperatorVersion
open_source_learning_and_knowledge_managementeq1.8
open_source_learning_and_knowledge_managementeq1.8.4
open_source_learning_and_knowledge_management_tooleq1.5
open_source_learning_and_knowledge_management_tooleq1.5.3
open_source_learning_and_knowledge_management_tooleq1.8
open_source_learning_and_knowledge_management_tooleq1.6.4
open_source_learning_and_knowledge_management_tooleq1.5.5
open_source_learning_and_knowledge_management_tooleq1.5.4
open_source_learning_and_knowledge_management_tooleq1.6.5
open_source_learning_and_knowledge_management_tooleq1.8.4

Name	Operator	Version
open_source_learning_and_knowledge_management	eq	1.8
open_source_learning_and_knowledge_management	eq	1.8.4
open_source_learning_and_knowledge_management_tool	eq	1.5
open_source_learning_and_knowledge_management_tool	eq	1.5.3
open_source_learning_and_knowledge_management_tool	eq	1.8
open_source_learning_and_knowledge_management_tool	eq	1.6.4
open_source_learning_and_knowledge_management_tool	eq	1.5.5
open_source_learning_and_knowledge_management_tool	eq	1.5.4
open_source_learning_and_knowledge_management_tool	eq	1.6.5
open_source_learning_and_knowledge_management_tool	eq	1.8.4

Rows per page:

1-10 of 111

References

osvdb.org/39771

osvdb.org/39772

osvdb.org/39773

securityreason.com/securityalert/3481

www.securityfocus.com/archive/1/485458/100/0/threaded

www.securityfocus.com/bid/26992