Dotclear swfupload Two Cross-Site Scripting Vulnerabilities

by Carol~ Moderator - 3/12/13 12:19 PM

In Reply to: VULNERABILITIES / FIXES - March 12, 2013 by Carol~ Moderator

Release Date: 2013-03-12

Criticality level: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: Dotclear 2.x

Description:
Two vulnerabilities have been discovered in Dotclear, which can be exploited by malicious people to conduct cross-site scripting attacks.

The vulnerabilities are caused by a bundled vulnerable version of swfupload.

The vulnerabilities are confirmed in version 2.4.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Original Advisory:
MustLive:
http://websecurity.com.ua/6365/
http://packetstormsecurity.com/files/120746/SWFUpload-Content-Spoofing-Cross-Site-Scripting.html

http://secunia.com/advisories/52540/