Vulnerability Details CVE-2018-16358
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2018-16358
-
cpe:2.3:a:dotclear:dotclear:1.2.1
-
cpe:2.3:a:dotclear:dotclear:1.2.2
-
cpe:2.3:a:dotclear:dotclear:1.2.3
-
cpe:2.3:a:dotclear:dotclear:1.2.4
-
cpe:2.3:a:dotclear:dotclear:1.2.5
-
cpe:2.3:a:dotclear:dotclear:1.2.6
-
cpe:2.3:a:dotclear:dotclear:1.2.7
-
cpe:2.3:a:dotclear:dotclear:1.2.8
-
cpe:2.3:a:dotclear:dotclear:2.0
-
cpe:2.3:a:dotclear:dotclear:2.0.1
-
cpe:2.3:a:dotclear:dotclear:2.0.2
-
cpe:2.3:a:dotclear:dotclear:2.1
-
cpe:2.3:a:dotclear:dotclear:2.1.1
-
cpe:2.3:a:dotclear:dotclear:2.1.3
-
cpe:2.3:a:dotclear:dotclear:2.1.4
-
cpe:2.3:a:dotclear:dotclear:2.1.5
-
cpe:2.3:a:dotclear:dotclear:2.1.6
-
cpe:2.3:a:dotclear:dotclear:2.1.7
-
cpe:2.3:a:dotclear:dotclear:2.10
-
cpe:2.3:a:dotclear:dotclear:2.10.1
-
cpe:2.3:a:dotclear:dotclear:2.10.2
-
cpe:2.3:a:dotclear:dotclear:2.10.3
-
cpe:2.3:a:dotclear:dotclear:2.10.4
-
cpe:2.3:a:dotclear:dotclear:2.11
-
cpe:2.3:a:dotclear:dotclear:2.11.1
-
cpe:2.3:a:dotclear:dotclear:2.11.2
-
cpe:2.3:a:dotclear:dotclear:2.12
-
cpe:2.3:a:dotclear:dotclear:2.12.1
-
cpe:2.3:a:dotclear:dotclear:2.13
-
cpe:2.3:a:dotclear:dotclear:2.13.1
-
cpe:2.3:a:dotclear:dotclear:2.14
-
cpe:2.3:a:dotclear:dotclear:2.14.1
-
cpe:2.3:a:dotclear:dotclear:2.2
-
cpe:2.3:a:dotclear:dotclear:2.2.1
-
cpe:2.3:a:dotclear:dotclear:2.2.2
-
cpe:2.3:a:dotclear:dotclear:2.2.3
-
cpe:2.3:a:dotclear:dotclear:2.3.0
-
cpe:2.3:a:dotclear:dotclear:2.3.1
-
cpe:2.3:a:dotclear:dotclear:2.4
-
cpe:2.3:a:dotclear:dotclear:2.4.2
-
cpe:2.3:a:dotclear:dotclear:2.4.3
-
cpe:2.3:a:dotclear:dotclear:2.4.4
-
cpe:2.3:a:dotclear:dotclear:2.5.0
-
cpe:2.3:a:dotclear:dotclear:2.5.1
-
cpe:2.3:a:dotclear:dotclear:2.5.2
-
cpe:2.3:a:dotclear:dotclear:2.5.3
-
cpe:2.3:a:dotclear:dotclear:2.6
-
cpe:2.3:a:dotclear:dotclear:2.6.1
-
cpe:2.3:a:dotclear:dotclear:2.6.2
-
cpe:2.3:a:dotclear:dotclear:2.6.3
-
cpe:2.3:a:dotclear:dotclear:2.6.4
-
cpe:2.3:a:dotclear:dotclear:2.7
-
cpe:2.3:a:dotclear:dotclear:2.7.1
-
cpe:2.3:a:dotclear:dotclear:2.7.2
-
cpe:2.3:a:dotclear:dotclear:2.7.3
-
cpe:2.3:a:dotclear:dotclear:2.7.4
-
cpe:2.3:a:dotclear:dotclear:2.7.5
-
cpe:2.3:a:dotclear:dotclear:2.8
-
cpe:2.3:a:dotclear:dotclear:2.8.1
-
cpe:2.3:a:dotclear:dotclear:2.8.2
-
cpe:2.3:a:dotclear:dotclear:2.9
-
cpe:2.3:a:dotclear:dotclear:2.9.1