Back to search
CVE-2007-3930
Published: Jul 21, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
dokuwiki-spellchecker-xss(35501)
vdb-entry
x_refsource_XF
2908
third-party-advisory
x_refsource_SREASON
http://wiki.splitbrain.org/wiki%3Achanges
x_refsource_CONFIRM
38319
vdb-entry
x_refsource_OSVDB
26150
third-party-advisory
x_refsource_SECUNIA
http://bugs.splitbrain.org/index.php?do=details&task_id=1195
x_refsource_MISC
20070719 DokuWiki suffers XSS
mailing-list
x_refsource_BUGTRAQ
ADV-2007-2617
vdb-entry
x_refsource_VUPEN
24973
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now