FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3930

This CVE name corresponds to:

Entered Topic
2007-07-24 dokuwiki -- XSS vulnerability in spellchecker backend

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-3930
Phase Assigned(20070720)

Description

Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.

References

Source Reference
BUGTRAQ 20070719 DokuWiki suffers XSS
MISC http://bugs.splitbrain.org/index.php?do=details&task_id=1195
CONFIRM http://wiki.splitbrain.org/wiki%3Achanges
BID 24973
VUPEN ADV-2007-2617
OSVDB 38319
SECUNIA 26150
SREASON 2908
XF dokuwiki-spellchecker-xss(35501)