[Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability
Julien Dhaille
julien at wargan.com
Tue Apr 17 10:29:15 BST 2007
I wrote a paper about Xss exploitation with this bug.
http://wargan.org/index.php/2007/04/16/9-dotclear-126-hijack-authenticated-session
Full-Disclosure is hosted and sponsored by Secunia.