Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotclear vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2016-7903
Dotclear prior to 2.10.3, when the Host header is not part of the web server routing process, allows remote malicious users to modify the password reset address link via the HTTP Host header.
Dotclear Dotclear
NA
CVE-2015-5651
Cross-site scripting (XSS) vulnerability in Dotclear prior to 2.8.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Dotclear Dotclear
6.1
CVSSv3
CVE-2015-8831
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear prior to 2.8.2 allows remote malicious users to inject arbitrary web script or HTML via the author name in a comment.
Dotclear Dotclear
5.4
CVSSv3
CVE-2018-5689
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
Dotclear Dotclear 2.12.1
NA
CVE-2005-3957
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.
Dotclear Dotclear 1.2.1
NA
CVE-2007-3672
Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote malicious users to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.
Dotclear Dotclear 1.2.6
NA
CVE-2007-3688
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote malicious users to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and ...
Dotclear Dotclear 1.2.6
5.4
CVSSv3
CVE-2018-5690
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
Dotclear Dotclear 2.12.1
6.1
CVSSv3
CVE-2017-6446
XSS exists in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
Dotclear Dotclear 2.11.2
NA
CVE-2012-10391
Dotclear version 2.4.1.2 suffers from multiple cross site scripting vulnerabilities.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »