CVE-2014-1877 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone (2) Street (3) Address line (4) Zip code or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php.

Reference

http://seclists.org/oss-sec/2014/q1/258 http://seclists.org/oss-sec/2014/q1/286 http://www.securityfocus.com/bid/65416 http://www.xchg.info/?p=381 https://exchange.xforce.ibmcloud.com/vulnerabilities/91295