Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotclear dotclear vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2016-9891
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear prior to 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
Dotclear Dotclear
NA
CVE-2015-5651
Cross-site scripting (XSS) vulnerability in Dotclear prior to 2.8.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Dotclear Dotclear
6.1
CVSSv3
CVE-2016-6523
Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear prior to 2.10 allow remote malicious users to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.
Dotclear Dotclear
NA
CVE-2007-3672
Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote malicious users to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.
Dotclear Dotclear 1.2.6
NA
CVE-2007-3688
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote malicious users to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and ...
Dotclear Dotclear 1.2.6
NA
CVE-2005-3957
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.
Dotclear Dotclear 1.2.1
5.4
CVSSv3
CVE-2018-5689
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
Dotclear Dotclear 2.12.1
5.4
CVSSv3
CVE-2018-5690
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
Dotclear Dotclear 2.12.1
6.1
CVSSv3
CVE-2017-6446
XSS exists in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
Dotclear Dotclear 2.11.2
NA
CVE-2012-10391
Dotclear version 2.4.1.2 suffers from multiple cross site scripting vulnerabilities.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »