314 matches found
dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: dotclear 2.25.3 - Remote Code Execution RCE Authenticated Application: dotclear Version: 2.25.3 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://dotclear.org/ Software Link: https://dotclear.org/download Date of found: 08.04.2023...
Cross site scripting
A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...
CVE-2018-16358
A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...
CVE-2018-16358
A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...
UBUNTU-CVE-2018-16358
A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...
CVE-2018-16358
A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...
CVE-2018-16358
CVE-2018-16358 is a cross-site scripting (XSS) vulnerability in Dotclear’s media manager (inc/core/class.dc.core.php) up to version 2.14.1. It allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. The issue’s root cause is an XSS flaw i...
CVE-2018-16358
A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...
Dotclear admin/users.php file cross-site scripting vulnerability
Dotclear is a software developer Olivier Meunier developed a free PHP and MySQL-based blog Blog publishing software. A cross-site scripting vulnerability exists in the admin/users.php file in Dotclear version 2.12.1. A remote attacker can exploit this vulnerability by injecting arbitrary web scri...
Dotclear admin/auth.php file cross-site scripting vulnerability
Dotclear is a software developer Olivier Meunier developed a free PHP and MySQL-based blog Blog publishing software. A cross-site scripting vulnerability exists in the admin/auth.php file in Dotclear version 2.12.1. This vulnerability can be exploited by remote attackers to inject arbitrary web...
CVE-2018-5690
Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...
CVE-2018-5690
Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...
CVE-2018-5689
Cross-site scripting XSS vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...
CVE-2018-5689
Cross-site scripting XSS vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email...
CVE-2018-5690
Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...
CVE-2018-5689
Cross-site scripting XSS vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email...
UBUNTU-CVE-2018-5689
Cross-site scripting XSS vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email...
UBUNTU-CVE-2018-5690
Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...