A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear up to and including 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dotclear dotclear |