Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-3930

Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.

Related bugs and status

CVE-2007-3930 (Candidate) is related to these bugs:

Bug #147993: XSS vulnerability in dokuwiki

		In	Importance	Status
147993	XSS vulnerability in dokuwiki	dokuwiki (Ubuntu)	Medium	Fix Released
147993	XSS vulnerability in dokuwiki	dokuwiki (Ubuntu Dapper)	Medium	Fix Released
147993	XSS vulnerability in dokuwiki	dokuwiki (Ubuntu Edgy)	Medium	Fix Released
147993	XSS vulnerability in dokuwiki	dokuwiki (Ubuntu Feisty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://wiki.splitbrain...
SREASON: 2908
BID: 24973
SECUNIA: 26150
OSVDB: 38319
VUPEN: ADV-2007-2617
MISC: http://bugs.splitbrain...
XF: dokuwiki-spellchecker-...
BUGTRAQ: 20070719 DokuWiki suff...