Skip to main content

Dotclear CVE-2024-27626

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-03-21 cve@mitre.org
6.1
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 21, 2024 - 02:52 cve.org
MEDIUM 6.1

DescriptionCVE.org

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.

AnalysisAI

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. Affected products include: Dotclear. Version information: version 2.29..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2015-8832 HIGH POC
8.8 Feb 09

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authen

CVE-2014-1613 HIGH POC
7.5 May 16

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd coo

CVE-2015-8831 MEDIUM POC
6.1 Feb 09

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to injec

CVE-2014-3781 MEDIUM POC
5.8 Jun 11

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass a

CVE-2016-7902 HIGH
8.8 Jan 04

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authentica

CVE-2012-1039 MEDIUM POC
4.3 Mar 19

Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary

CVE-2016-9268 HIGH
7.2 Nov 10

Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear th

CVE-2016-6523 MEDIUM
6.1 Dec 09

Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers

CVE-2014-3782 MEDIUM
6.0 Jun 11

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear

CVE-2017-6446 MEDIUM
6.1 Mar 05

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order paramete

CVE-2014-3783 MEDIUM
6.0 May 22

SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the

CVE-2016-9891 MEDIUM
5.4 Dec 29

Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remo

Share

CVE-2024-27626 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy