Dokeos 'forum' and 'origin' Multiple Cross-Site Scripting Vulnerabilities

Dokeos 'forum' and 'origin' Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The follow proof-of-concept URIs are available:

http://www.example.com/main/forum/viewforum.php?cidReq=[Forum-ID]&forum=XSS
http://www.example.com/main/forum/viewthread.php?forum=XSS
http://www.example.com/main/work/work.php?cidReq=[Forum-ID]&curdirpath=/&display_upload_form=true&origin=XSS