Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotclear vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2016-7903
Dotclear prior to 2.10.3, when the Host header is not part of the web server routing process, allows remote malicious users to modify the password reset address link via the HTTP Host header.
Dotclear Dotclear
5.4
CVSSv3
CVE-2016-9891
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear prior to 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
Dotclear Dotclear
6.1
CVSSv3
CVE-2016-6523
Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear prior to 2.10 allow remote malicious users to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.
Dotclear Dotclear
5.4
CVSSv3
CVE-2018-5690
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
Dotclear Dotclear 2.12.1
NA
CVE-2005-3957
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.
Dotclear Dotclear 1.2.1
5.4
CVSSv3
CVE-2018-5689
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
Dotclear Dotclear 2.12.1
NA
CVE-2007-3672
Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote malicious users to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.
Dotclear Dotclear 1.2.6
NA
CVE-2007-3688
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote malicious users to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and ...
Dotclear Dotclear 1.2.6
6.1
CVSSv3
CVE-2017-6446
XSS exists in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
Dotclear Dotclear 2.11.2
NA
CVE-2012-10391
Dotclear version 2.4.1.2 suffers from multiple cross site scripting vulnerabilities.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »