WEB APPLICATION VULNERABILITIES Standard & Premium

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6446)

Description

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.

Remediation

References

Related Vulnerabilities

WordPress Plugin Contact Form 7 Arbitrary File Upload (3.5.2)

WordPress Plugin TDO Mini Forms Arbitrary File Upload (0.13.9)

CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20703)

WordPress Plugin MailPoet Newsletters (Previous) Cross-Site Scripting (2.6.19)

Joomla CVE-2023-40626 Vulnerability (CVE-2023-40626)

Severity

Medium

Classification

CVE-2017-6446 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities