Vulnerabilities > Dotclear > Dotclear > 2.12.1

DATE CVE VULNERABILITY TITLE RISK
2018-09-02 CVE-2018-16358 Cross-site Scripting vulnerability in Dotclear
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
network
dotclear CWE-79
3.5
2018-01-14 CVE-2018-5690 Cross-site Scripting vulnerability in Dotclear 2.12.1
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
network
dotclear CWE-79
3.5
2018-01-14 CVE-2018-5689 Cross-site Scripting vulnerability in Dotclear 2.12.1
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
network
dotclear CWE-79
3.5