Vigil@nce - Dotclear 2.5: Cross Site Scripting of swfupload.swf
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting (XSS) in the
swfupload.swf file of Dotclear, in order to execute JavaScript code
in the context of the web site.
– Impacted products: Dotclear
– Severity: 2/4
– Creation date: 15/04/2013
DESCRIPTION OF THE VULNERABILITY
To fix the vulnerability VIGILANCE-VUL-12149
(https://vigilance.fr/tree/1/12149), Dotclear 2.5 uses a modified
version of swfupload.swf.
However, swfupload.swf does not filter the data it receives before
inserting it into generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting (XSS) in the
swfupload.swf file of Dotclear, in order to execute JavaScript code
in the context of the web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Dotclear-2-5-Cross-Site-Scripting-of-swfupload-swf-12669