Dotclear swfupload Two Cross-Site Scripting Vulnerabilities
Release Date: 2013-03-12
Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched
Software: Dotclear 2.x
Two vulnerabilities have been discovered in Dotclear, which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerabilities are caused due to a bundled vulnerable version of swfupload.
The vulnerabilities are confirmed in version 2.4.4. Other versions may also be affected.
No official solution is currently available.