U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:dotclear:dotclear:2.10.4:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity
CVE-2018-16358

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.

Published: September 02, 2018; 6:29:00 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-9891

Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).

Published: December 29, 2016; 1:59:00 PM -0500 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-9268

Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.

Published: November 10, 2016; 3:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH