Описание
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 0.0.20050922-4ubuntu1.2 |
| devel | not-affected | |
| edgy | released | 0.0.20060309-5ubuntu0.1 |
| feisty | released | 0.0.20061106-6ubuntu0.1 |
| upstream | released | 0.0.20070626b |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
Связанные уязвимости
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
4.3 Medium
CVSS2