Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-03-19 12:55
Updated : 2018-01-10 18:29
NVD link : CVE-2012-1039
Mitre link : CVE-2012-1039
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
dotclear
- dotclear