CVE-2009-2009

Name of the Vulnerable Software and Affected Versions: Dokeos versions 1.8.5 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the curdirpath parameter to "main/document/slideshow.php" or the file parameter to "main/exercice/testheaderpage.php".

Recommendations: For Dokeos versions 1.8.5 and earlier, consider restricting access to the slideshow.php and testheaderpage.php files until a patch is available. As a temporary workaround, avoid using the curdirpath and file parameters in the affected API endpoints.