Dotclear@* Security Vulnerabilities and Issues — Dotclear@* CVE List

Lucene search

DotclearDotclear*

4 matches found

CVE•added 2017/02/09 3:59 p.m.•39 views

CVE-2015-8832

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .p...

8.8CVSS8.8AI score0.01118EPSS

CVE•added 2017/02/09 3:59 p.m.•31 views

CVE-2015-8831

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.

6.1CVSS6AI score0.00927EPSS

CVE•added 2017/01/04 9:59 p.m.•31 views

CVE-2016-7902

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .p...

8.8CVSS8.6AI score0.0252EPSS

CVE•added 2017/01/04 9:59 p.m.•27 views

CVE-2016-7903

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

4.3CVSS4.5AI score0.00276EPSS