N/A

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php.

N/A

N/A

Dokeos 跨站脚本漏洞

Dokeos是一套开源的网上教育与课程管理系统。该系统支持文件上传、课件制作、通知发布等教学辅助功能。 Dokeos 2.1.1版本中存在跨站脚本漏洞，该漏洞源于main/auth/profile.php脚本没有正确过滤‘Phone’，‘Street’，‘Address line’，‘Zip code’，‘City’字段，main/social/groups.php脚本没有过滤‘Subject’参数，main/messages/view_message.php脚本没有过滤‘Message body’参数。

N/A

N/A