CVE-2012-1039
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
Affected products
n/a · n/a
public PoCs found — 4
exploitdb · www.exploit-db.com/exploits/36888 · unverified
exploitdb · www.exploit-db.com/exploits/36889 · unverified
exploitdb · www.exploit-db.com/exploits/36890 · unverified
exploitdb · www.exploit-db.com/exploits/36891 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://archives.neohapsis.com/archives/bugtraq/2012-02/0183.html
http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2
http://secunia.com/advisories/48209
https://exchange.xforce.ibmcloud.com/vulnerabilities/73565
https://www.htbridge.ch/advisory/HTB23074
http://www.securityfocus.com/bid/52221