Vulnerabilities > Dotclear > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-02 | CVE-2018-16358 | Cross-site Scripting vulnerability in Dotclear: A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. | 5.4 |
2018-01-14 | CVE-2018-5690 | Cross-site Scripting vulnerability in Dotclear 2.12.1: Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). | 5.4 |
2018-01-14 | CVE-2018-5689 | Cross-site Scripting vulnerability in Dotclear 2.12.1: Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. | 5.4 |
2017-03-05 | CVE-2017-6446 | Cross-site Scripting vulnerability in Dotclear 2.11.2: XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. | 6.1 |
2017-02-09 | CVE-2015-8831 | Cross-site Scripting vulnerability in Dotclear: Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | 6.1 |
2016-12-29 | CVE-2016-9891 | Cross-site Scripting vulnerability in Dotclear: Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title). | 5.4 |
2016-12-09 | CVE-2016-6523 | Cross-site Scripting vulnerability in Dotclear: Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php. | 6.1 |