CVE-2016-9891

Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...

JVN#61637002: Dotclear vulnerable to cross-site scripting

Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Impact If a user views a crafted page while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the infomration...