CVE-2018-16358

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
References
Configurations

Configuration 1

cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*

Information

Published : 2018-09-02 10:29

Updated : 2018-10-24 03:17


NVD link : CVE-2018-16358

Mitre link : CVE-2018-16358

Products Affected
No products.
CWE