CVE-2007-6574

Published: Dec 28, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.

Affected (11)

Products: Dokeos: Open Source Learning And Knowledge Management, Open Source Learning And Knowledge Management Tool

Dokeos

2 products

Open Source Learning And Knowledge Management

Open Source Learning And Knowledge Management Tool

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Dokeos Open Source Learning And Knowledge Management	Version 1.8.4
Dokeos Open Source Learning And Knowledge Management	Version 1.8
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.4
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.5.3
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.5.4
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.5.5
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.5
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.6.4
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.6.5
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.8.4
Dokeos Open Source Learning And Knowledge Management Tool	Version 1.8