Description
Multiple vulnerabilities have been discovered in Dotclear, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct spoofing and cross-site scripting attacks.
1) The application bundles a vulnerable version of swfupload.
For more information:
SA49651
2) Input passed via the "onclick" and "ondoubleclick" parameters to inc/swf/player_flv.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
3) Input passed via the "config" and "configxml" parameters to inc/swf/player_flv.swf and inc/swf/player_mp3.swf is not properly sanitised before being used to read configuration data. This can be exploited to spoof the player configuration.
4) Input passed via the "flv" parameter to inc/swf/player_flv.swf and the "mp3" parameter to inc/swf/player_mp3.swf is not properly sanitised before being used to stream content. This can be exploited to spoof the content.
5) Input passed via the "user_displayname" POST parameter to admin/preferences.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed.
The vulnerabilities are confirmed in version 2.5. Other versions may also be affected.
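For sites that cannot remove or update the bundled players immediately, the requests described in items 2) to 4) can be looked for in web server access logs. The following detection sketch is an added example, not part of the original advisory or of Dotclear. It assumes combined-format log lines, and its rule that an absolute or protocol-relative URL in a source parameter means off-site content is a heuristic; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Player paths and parameter names are the ones named in the advisory.
PLAYERS = {
    "/inc/swf/player_flv.swf": ({"onclick", "ondoubleclick"}, {"config", "configxml", "flv"}),
    "/inc/swf/player_mp3.swf": (set(), {"config", "configxml", "mp3"}),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: an absolute or protocol-relative URL means off-site content.
OFFSITE = re.compile(r"(?:[a-z][a-z0-9+.-]*:|//)", re.I)

def classify(line):
    """Return sorted findings for one access-log line, e.g. ['script:onclick']."""
    match = REQUEST.search(line)
    if not match:
        return []
    path, _, query = match.group(1).partition("?")
    rules = next((r for p, r in PLAYERS.items() if path.lower().endswith(p)), None)
    if rules is None:
        return []  # not a request for one of the bundled players
    script_params, source_params = rules
    findings = set()
    for name, values in parse_qs(query, keep_blank_values=True).items():
        key = name.lower()
        if key in script_params:
            # Item 2: these parameters are reflected by player_flv.swf.
            findings.add("script:" + key)
        elif key in source_params and any(OFFSITE.match(v) for v in values):
            # Items 3 and 4: configuration or media loaded from another origin.
            findings.add("offsite:" + key)
    return sorted(findings)

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

# Constructed sample lines (not taken from any real log).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2013:10:00:00 +0000] "GET /blog/inc/swf/player_flv.swf?flv=media/intro.flv HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2013:10:00:05 +0000] "GET /blog/inc/swf/player_flv.swf?flv=media/intro.flv&onclick=PLACEHOLDER HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2013:10:00:09 +0000] "GET /blog/inc/swf/player_mp3.swf?configxml=%2F%2Fmedia.example.net%2Fc.xml HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2013:10:00:12 +0000] "GET /blog/index.php?onclick=1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE):
        print(number, ", ".join(findings))
```

Item 5) arrives in a POST body and does not appear in standard access logs, so it is outside what this check can see.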