Description
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
Remediation
References