Description
High-Tech Bridge SA has discovered multiple vulnerabilities in Dotclear, which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed to the "login_data" POST parameter in admin/auth.php (when "new_pwd" and "new_pwd_c" are set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
2) Input passed to the "nb" parameter in admin/blogs.php, the "type", "sortby", "order", and "status" parameters in admin/comments.php, and the "page" parameter in admin/plugin.php (when "p" is set to "tags", "m" is set to "tag_posts", and "tag" is set to a valid tag name) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The vulnerabilities are confirmed in version 2.4.1.2. Prior versions may also be affected.
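The defect class described above, shown as an added PHP sketch of how request parameters can be validated by type and encoded before being echoed back. This is not Dotclear's code or its fix; the helper names, allow-list values, and sample request are constructed for illustration.

```php
<?php
// Added illustration, not Dotclear source. Helper names and allow-lists are hypothetical.

// Encode a value for an HTML text node or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Numeric parameters such as "nb" and "page": accept only an integer in range.
function int_param(array $src, string $name, int $default, int $min = 1, int $max = 1000): int
{
    $v = filter_var($src[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

// Enumerated parameters such as "type", "sortby", "order", "status":
// accept only a known value, otherwise fall back to the default.
function enum_param(array $src, string $name, array $allowed, string $default): string
{
    $v = $src[$name] ?? $default;
    return (is_string($v) && in_array($v, $allowed, true)) ? $v : $default;
}

// Constructed request carrying markup in each reflected parameter.
$request = [
    'nb'         => '30"><script>alert(1)</script>',
    'order'      => 'desc"><script>alert(1)</script>',
    'login_data' => 'abc"><script>alert(1)</script>',
];

$nb    = int_param($request, 'nb', 30);                          // falls back to 30
$order = enum_param($request, 'order', ['asc', 'desc'], 'desc'); // falls back to "desc"
// Free-form values such as "login_data" cannot be allow-listed; encode them on output.
$loginData = is_string($request['login_data'] ?? null) ? $request['login_data'] : '';

// Unsafe pattern, for contrast (raw reflection into an attribute):
//   echo '<input name="nb" value="' . $request['nb'] . '">';

// Hardened output: every reflected value passes through h(), even validated ones.
echo '<input type="text" name="nb" value="' . h((string) $nb) . '">' . "\n";
echo '<input type="hidden" name="order" value="' . h($order) . '">' . "\n";
echo '<input type="hidden" name="login_data" value="' . h($loginData) . '">' . "\n";
```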