Description
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
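A detection check for the endpoint and parameter pairs listed above, added here as an example; it is not part of the advisory or of Dotclear's code. It assumes a common/combined-format web access log and that the parameters arrive in the query string (values sent in a POST body are not logged and are not covered); the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameters named in the advisory description.
WATCHED = {
    "admin/auth.php": {"login_data"},
    "admin/blogs.php": {"nb"},
    "admin/comments.php": {"type", "sortby", "order", "status"},
    "admin/plugin.php": {"page"},
}

# Heuristic: characters needed to break out of an HTML attribute or element,
# assumed here not to occur in legitimate values of these parameters.
MARKUP = re.compile(r"[<>\"']")

# Request field of an access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return sorted watched parameter names whose decoded value has markup."""
    parts = urlsplit(target)
    for endpoint, names in WATCHED.items():
        if parts.path.endswith("/" + endpoint):
            pairs = parse_qsl(parts.query, keep_blank_values=True)  # URL-decodes
            return sorted({k for k, v in pairs
                           if k in names and MARKUP.search(v)})
    return []

def scan(lines):
    """Return (line_number, request_target, params) for each flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        params = suspicious_params(m.group(1)) if m else []
        if params:
            hits.append((n, m.group(1), params))
    return hits

# Constructed sample log lines (documentation IP range, harmless <b> marker).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] "GET /dotclear/admin/comments.php?status=1&sortby=comment_dt HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2012:13:56:02 +0000] "GET /dotclear/admin/comments.php?sortby=%22%3E%3Cb%3E&order=desc HTTP/1.1" 200 5301',
    '203.0.113.5 - - [10/Oct/2012:13:56:40 +0000] "GET /dotclear/admin/plugin.php?p=pages&page=2 HTTP/1.1" 200 4210',
    '203.0.113.9 - - [10/Oct/2012:13:57:11 +0000] "GET /dotclear/admin/blogs.php?nb=%3Cb%3E HTTP/1.1" 200 3988',
    '203.0.113.9 - - [10/Oct/2012:13:57:30 +0000] "GET /dotclear/index.php?q=%3Cb%3E HTTP/1.1" 200 2100',
]

if __name__ == "__main__":
    for n, target, params in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(params)} in {target}")
```

A hit only shows that markup was sent to one of the listed parameters; whether it was reflected unescaped depends on the installed Dotclear version.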
Remediation
References