Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.
Home | Sitemap

CVE-2008-0851 (E-Learning System)
BugsAlert Home > CVE-2008-0851 (E-Learning System)
 
 

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.




Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0851

Learn more about CVE-2008-0851 (E-Learning System)
 
Tags: cve-2008-0851 e-learning system

Related Items
      FrSIRT - Adobe Flex History Management Cross Site Scripting Vulnerability

      CVE-2008-0213 (Virtual Rooms)

      FrSIRT - nfs-utils TCP Wrappers Netgroup Security Bypass Vulnerability

      VMware ESX Server update for e2fsprogs

      rPath Security Update Fixes Dovecot LDAP Auth Cache Security Bypass

      BlogPHP Script Insertion and Cross-Site Scripting

      CVE-2007-6184 (Project Alumni)

 
© 2007-2008 BugsAlert.com Original template by Arcsin Hosted By 1and1


Pixel