Vulnerabilities > Dotclear > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2018-09-02 | CVE-2018-16358 | Cross-site Scripting vulnerability in Dotclear | 3.5
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
network | dotclear | CWE-79

2018-01-14 | CVE-2018-5689 | Cross-site Scripting vulnerability in Dotclear 2.12.1 | 3.5
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
network | dotclear | CWE-79

2018-01-14 | CVE-2018-5690 | Cross-site Scripting vulnerability in Dotclear 2.12.1 | 3.5
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
network | dotclear | CWE-79

2016-12-29 | CVE-2016-9891 | Cross-site Scripting vulnerability in Dotclear | 3.5
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
network | dotclear | CWE-79

2007-07-11 | CVE-2007-3688 | Cross-Site Request Forgery vulnerability in Dotclear 1.2.6 | 2.6
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.
network | high complexity | dotclear