Categories

Applications (222)
Blogs (7)
Content Management (148)
Customer Relationship (2)
Discussion Boards (29)
E-Commerce (14)
General Purpose Directories (2)
Image Galleries (18)
Mailing Lists (1)
Tips (3)
Vulnerabilities (337)
Access Bypass (50)
Cross Site Scripting (123)
Denial Of Service (2)
File Inclusion (51)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (16)
Session Hijacking (2)
SQL Injection (130)
« IceBB “X-Forwarded-For” SQL Injection
PMOS Help Desk PHP Code Execution and Security Bypass »

Dokeos “My productions” File Upload and Cross-Site Scripting Vulnerabilities

Published by David December 28th, 2007 in Access Bypass and Cross Site Scripting.

Application: Dokeos
Affected Version: Dokeos 1.x
Vendor’s URL: Application site
Bug Type: Cross Site Scripting, System bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is sanitised or consult with provider for proper action.

0 Responses to “Dokeos “My productions” File Upload and Cross-Site Scripting Vulnerabilities”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

You must login to post a comment.

« IceBB “X-Forwarded-For” SQL Injection
PMOS Help Desk PHP Code Execution and Security Bypass »

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional