Dotclear: >> Dotclear >> 2.12.1 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-09-02
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-01-14
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
CVSS Score
5.4
EPSS Score
0.002
Published
2018-01-14