Dotclear: >> Dotclear >> 2.11.2 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-09-02
XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-05