ByteOS Network

Vulnerability Details :

CVE-2007-1989

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-12 Apr, 2007 | 10:00

Updated At-07 Aug, 2024 | 13:13

Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:12 Apr, 2007 | 10:00

Updated At:07 Aug, 2024 | 13:13

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securityfocus.com/bid/23411	vdb-entry x_refsource_BID
http://www.dotclear.net/log/post/2007/04/10/Dotclear-126	x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html	mailing-list x_refsource_FULLDISC
http://www.dotclear.net/forum/viewtopic.php?id=26573	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/33615	vdb-entry x_refsource_XF
http://www.vupen.com/english/advisories/2007/1338	vdb-entry x_refsource_VUPEN
http://secunia.com/advisories/24829	third-party-advisory x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/33616	vdb-entry x_refsource_XF

Hyperlink: http://www.securityfocus.com/bid/23411

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.dotclear.net/log/post/2007/04/10/Dotclear-126

Resource:

x_refsource_CONFIRM

Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://www.dotclear.net/forum/viewtopic.php?id=26573

Resource:

x_refsource_CONFIRM

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33615

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www.vupen.com/english/advisories/2007/1338

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://secunia.com/advisories/24829

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33616

Resource:

vdb-entry

x_refsource_XF

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/23411	vdb-entry x_refsource_BID x_transferred
http://www.dotclear.net/log/post/2007/04/10/Dotclear-126	x_refsource_CONFIRM x_transferred
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html	mailing-list x_refsource_FULLDISC x_transferred
http://www.dotclear.net/forum/viewtopic.php?id=26573	x_refsource_CONFIRM x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/33615	vdb-entry x_refsource_XF x_transferred
http://www.vupen.com/english/advisories/2007/1338	vdb-entry x_refsource_VUPEN x_transferred
http://secunia.com/advisories/24829	third-party-advisory x_refsource_SECUNIA x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/33616	vdb-entry x_refsource_XF x_transferred

Hyperlink: http://www.securityfocus.com/bid/23411

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.dotclear.net/log/post/2007/04/10/Dotclear-126

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html

Resource:

mailing-list

x_refsource_FULLDISC

x_transferred

Hyperlink: http://www.dotclear.net/forum/viewtopic.php?id=26573

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33615

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2007/1338

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://secunia.com/advisories/24829

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33616

Resource:

vdb-entry

x_refsource_XF

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:12 Apr, 2007 | 10:19

Updated At:29 Jul, 2017 | 01:31

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

dotclear>>dotclear>>Versions up to 1.2.5(inclusive)

cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html	cve@mitre.org	N/A
http://secunia.com/advisories/24829	cve@mitre.org	Vendor Advisory
http://www.dotclear.net/forum/viewtopic.php?id=26573	cve@mitre.org	Patch
http://www.dotclear.net/log/post/2007/04/10/Dotclear-126	cve@mitre.org	Patch Vendor Advisory
http://www.securityfocus.com/bid/23411	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2007/1338	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/33615	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/33616	cve@mitre.org	N/A

Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053720.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/24829

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.dotclear.net/forum/viewtopic.php?id=26573

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://www.dotclear.net/log/post/2007/04/10/Dotclear-126

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/23411

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2007/1338

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33615

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33616

Source: cve@mitre.org

Resource: N/A

Similar CVEs

9Records found

CVE-2014-5316

Matching Score-8

Assigner-JPCERT/CC

View Details

Matching Score-8

Assigner-JPCERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.31% / 53.54%

7 Day CHG~0.00%

Published-22 Sep, 2014 | 01:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.

Vendor-dotclear n/a

Product-dotclear n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-8831

Matching Score-8

Assigner-Debian GNU/Linux

View Details

Matching Score-8

Assigner-Debian GNU/Linux

CVSS Score-6.1||MEDIUM

EPSS-0.93% / 75.10%

7 Day CHG~0.00%

Published-09 Feb, 2017 | 15:00

Updated-20 Apr, 2025 | 01:37

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.

Vendor-dotclear n/a

Product-dotclear n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-6446

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.24% / 47.16%

7 Day CHG~0.00%

Published-05 Mar, 2017 | 21:00

Updated-20 Apr, 2025 | 01:37

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.

Vendor-dotclear n/a

Product-dotclear n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-3672

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.28% / 50.66%

7 Day CHG~0.00%

Published-10 Jul, 2007 | 19:00

Updated-07 Aug, 2024 | 14:28

Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.

Vendor-dotclear n/a

Product-dotclear n/a

CVE-2012-1039

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-5.10% / 89.42%

7 Day CHG~0.00%

Published-19 Mar, 2012 | 19:00

Updated-11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.

Vendor-dotclear n/a

Product-dotclear n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-7903

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-3.7||LOW

EPSS-0.28% / 50.67%

7 Day CHG~0.00%

Published-04 Jan, 2017 | 21:00

Updated-12 Apr, 2025 | 10:46

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

Vendor-dotclear n/a

Product-dotclear n/a

CVE-2016-6523

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.79% / 72.96%

7 Day CHG~0.00%

Published-09 Dec, 2016 | 20:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.

Vendor-dotclear n/a

Product-dotclear n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-0933

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.36% / 57.17%

7 Day CHG~0.00%

Published-17 Mar, 2009 | 22:00

Updated-07 Aug, 2024 | 04:57

Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-dotclear n/a

Product-dotclear n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-5651

Matching Score-8

Assigner-JPCERT/CC

View Details

Matching Score-8

Assigner-JPCERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 54.58%

7 Day CHG~0.00%

Published-03 Oct, 2015 | 22:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-dotclear n/a

Product-dotclear n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-1989

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs