CVE-2018-16358

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*

Information

Published : 2018-09-02 15:29

Updated : 2018-10-24 08:17


NVD link : CVE-2018-16358

Mitre link : CVE-2018-16358


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

dotclear

  • dotclear