[Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability

Dotclear 1. Cross Site Scripting Vulnerability 1--two cross site scripting vulnerabilities have been discovered in the dotclear1. allowing a remote attackers to hijack authenticated session Workaround: $postid trackback.php $toolurl/tools/thememng/index.php are not filtered 2-Proof of Concepts:...

dotclear-xss.txt

------=Part236063482423.1176380209314 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Dotclear 1. Cross Site Scripting Vulnerability 1--two cross site scripting vulnerabilities have been discovered in the dotclear1. allowing ...