Vigil@nce - Dotclear: four Cross Site Scripting
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate four Cross Site Scripting in the
administration interface of Dotclear, in order to execute
JavaScript code in the context of the connected administrator.
Severity: 2/4
Creation date: 13/02/2012
IMPACTED PRODUCTS
– Dotclear
DESCRIPTION OF THE VULNERABILITY
Four vulnerabilities were announced in the administration
interface of Dotclear.
The admin/auth.php page does not filter its "login_data"
parameter, before displaying it, which leads to a Cross Site
Scripting. [severity:2/4]
The admin/blogs.php page does not check if its "nb" parameter is
an integer before using it. [severity:2/4]
The admin/comments.php and admin/posts.php pages do not correctly
initialize their default values. [severity:2/4]
The plugins/tags/tag_posts.php page does not check if its "page"
parameter is an integer before using it. [severity:2/4]
An attacker can therefore generate four Cross Site Scripting in
the administration interface of Dotclear, in order to execute
JavaScript code in the context of the connected administrator.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Dotclear-four-Cross-Site-Scripting-11354