CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dotclear: >> Dotclear >> 2.11 Security Vulnerabilities

CVE-2018-16358

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.

CVSS Score

5.4

EPSS Score

0.002

Published

2018-09-02

Page 1

Vulnerabilities

Vulnerable Software

Dotclear: >> Dotclear >> 2.11 Security Vulnerabilities

Products

Pricing

Contact Us