Vigil@nce - Dotclear 2.5: Cross Site Scripting of player_flv.swf
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting in player_flv.swf
of Dotclear, in order to execute JavaScript code in the context of
the web site.
– Impacted products: Dotclear
– Severity: 2/4
– Creation date: 15/04/2013
DESCRIPTION OF THE VULNERABILITY
To fix a 2011 vulnerability, Dotclear 2.5 uses a modified version
of player_flv.swf.
However, player_flv.swf does not filter the data it receives before
inserting it into the HTML documents it generates.
An attacker can therefore trigger a Cross Site Scripting in
swfupload.swf of Dotclear, in order to execute JavaScript code in
the context of the web site.
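As an added defender-side example (not part of the Vigil@nce bulletin and not Dotclear's code), the following Python script inventories the `<object>` and `<embed>` tags of an HTML page that load player_flv.swf, so an administrator can find every place the affected component is embedded before applying the vendor fix. For each occurrence it also reports whether the embed sets `allowScriptAccess="never"`, a standard Flash embedding attribute the bulletin does not discuss, which prevents the movie from calling into the page's JavaScript and therefore limits the impact of this class of flaw. The sample HTML and the file paths in it are constructed for the example.

```python
"""Find embeds of player_flv.swf in an HTML document and report whether
each one restricts script access (allowScriptAccess="never")."""
from html.parser import HTMLParser

TARGET = "player_flv.swf"  # component named in the bulletin


class FlashEmbedScanner(HTMLParser):
    """Collects <object> (with its <param> children) and <embed> tags."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._current = None  # the <object> currently being collected

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            self._current = {
                "tag": "object",
                "src": a.get("data", ""),
                "allowscriptaccess": None,
            }
        elif tag == "param" and self._current is not None:
            name = a.get("name", "").lower()
            if name == "movie":
                self._current["src"] = a.get("value", "")
            elif name == "allowscriptaccess":
                self._current["allowscriptaccess"] = a.get("value", "").lower()
        elif tag == "embed":
            self._record({
                "tag": "embed",
                "src": a.get("src", ""),
                "allowscriptaccess": a.get("allowscriptaccess", "").lower() or None,
            })

    def handle_endtag(self, tag):
        if tag == "object" and self._current is not None:
            self._record(self._current)
            self._current = None

    def _record(self, info):
        # Only keep embeds that point at the affected player.
        if TARGET in info["src"].lower():
            info["restricted"] = info["allowscriptaccess"] == "never"
            self.findings.append(info)


def scan(html):
    """Return a list of findings: one dict per player_flv.swf embed."""
    parser = FlashEmbedScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; paths are illustrative, not Dotclear's real layout.
SAMPLE_HTML = """
<html><body>
<object type="application/x-shockwave-flash" data="/media/player_flv.swf"
        width="320" height="240">
  <param name="movie" value="/media/player_flv.swf">
  <param name="FlashVars" value="flv=/media/video.flv">
</object>
<embed src="/flash/player_flv.swf" allowScriptAccess="never"
       width="320" height="240">
<embed src="/flash/other.swf" width="10" height="10">
</body></html>
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_HTML):
        status = "script access restricted" if f["restricted"] else "NO restriction"
        print(f"<{f['tag']}> {f['src']}: {status}")
```

Run against saved copies of the site's pages (or templates) to list every embed that needs the fixed player; an embed reported with no restriction is the one to prioritise. Setting `allowScriptAccess="never"` is a defence-in-depth measure, not a substitute for installing the corrected player_flv.swf.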
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Dotclear-2-5-Cross-Site-Scripting-of-player-flv-swf-12670