CVE-2007-6574

Dokeos <1.8.4 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.

Exploits (3)

exploitdb WRITEUP VERIFIED

by Doz · textwebappsphp

https://www.exploit-db.com/exploits/30925

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Doz · textwebappsphp

https://www.exploit-db.com/exploits/30924

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Doz · textwebappsphp

https://www.exploit-db.com/exploits/30926

View Code ZIP pw:eip

References (6)

[Exploit] http://www.securityfocus.com/bid/26992

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485458/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/39771

[Third Party Advisory, VDB Entry] http://osvdb.org/39772

[Third Party Advisory, VDB Entry] http://osvdb.org/39773

[Third Party Advisory] http://securityreason.com/securityalert/3481

Scores

EPSS 0.0070

EPSS Percentile 71.7%

Classification

CWE

CWE-79

Status draft

Affected Products (11)

dokeos/open_source_learning_and_knowledge_management

dokeos/open_source_learning_and_knowledge_management

dokeos/open_source_learning_and_knowledge_management_tool

dokeos/open_source_learning_and_knowledge_management_tool

dokeos/open_source_learning_and_knowledge_management_tool

dokeos/open_source_learning_and_knowledge_management_tool

dokeos/open_source_learning_and_knowledge_management_tool

dokeos/open_source_learning_and_knowledge_management_tool

dokeos/open_source_learning_and_knowledge_management_tool

dokeos/open_source_learning_and_knowledge_management_tool

dokeos/open_source_learning_and_knowledge_management_tool

Timeline

Published Dec 28, 2007

Tracked Since Feb 18, 2026