Vulnerabilities

CVE-2016-9891

by Fred · 29/12/2016

Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).

Date published : 2016-12-29

http://www.securityfocus.com/bid/95156

https://dev.dotclear.org/2.0/changeset/5536ac77e915

Related

Tags: Cybersecurity Alert