4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.129 Low
EPSS
Percentile
95.4%
Interpretation conflict between Microsoft Internet Explorer and DocuWiki
before 2007-06-26b allows remote attackers to inject arbitrary JavaScript
and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8
encoded messages via the spell_utf8test function in lib/exe/spellcheck.php,
which triggers HTML document identification and script execution by
Internet Explorer even though the Content-Type header is text/plain.