Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotclear vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-27626
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.
5.4
CVSSv3
CVE-2018-16358
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear up to and including 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
Dotclear Dotclear
5.4
CVSSv3
CVE-2018-5690
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
Dotclear Dotclear 2.12.1
5.4
CVSSv3
CVE-2018-5689
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
Dotclear Dotclear 2.12.1
6.1
CVSSv3
CVE-2017-6446
XSS exists in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
Dotclear Dotclear 2.11.2
6.1
CVSSv3
CVE-2015-8831
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear prior to 2.8.2 allows remote malicious users to inject arbitrary web script or HTML via the author name in a comment.
Dotclear Dotclear
8.8
CVSSv3
CVE-2015-8832
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear prior to 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by...
Dotclear Dotclear
8.8
CVSSv3
CVE-2016-7902
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear prior to 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstra...
Dotclear Dotclear
3.7
CVSSv3
CVE-2016-7903
Dotclear prior to 2.10.3, when the Host header is not part of the web server routing process, allows remote malicious users to modify the password reset address link via the HTTP Host header.
Dotclear Dotclear
5.4
CVSSv3
CVE-2016-9891
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear prior to 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
Dotclear Dotclear
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »