Vulnerabilities > Dotclear > Dotclear > 2.12.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-02 | CVE-2018-16358 | Cross-site Scripting vulnerability in Dotclear A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. | 3.5 |
2018-01-14 | CVE-2018-5690 | Cross-site Scripting vulnerability in Dotclear 2.12.1 Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). | 3.5 |
2018-01-14 | CVE-2018-5689 | Cross-site Scripting vulnerability in Dotclear 2.12.1 Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. | 3.5 |