2 matches found
Dotclear cross-site scripting vulnerability (CNVD-2017-00084)
Dotclear is a software developer OlivierMeunier developed a free PHP and MySQL-based blog Blog publishing software. A cross-site scripting vulnerability exists in the admin/media.php and admin/mediaitem.ph files in versions of Dotclear prior to 2.11. A remote attacker can inject arbitrary web...
UBUNTU-CVE-2016-9891
Cross-site scripting XSS vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter aka the media title...