CVE-2007-3930

Publication date 21 July 2007

Last updated 24 July 2024

Description

Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dokuwiki	7.04 feisty	Fixed 0.0.20061106-6ubuntu0.1
	6.10 edgy	Fixed 0.0.20060309-5ubuntu0.1
	6.06 LTS dapper	Fixed 0.0.20050922-4ubuntu1.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-3930