Description
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ticket Manager Cross-Site Scripting (1)
WordPress Plugin Mini Mail Dashboard Widget 'abspath' Parameter Remote File Include (1.36)
MySQL CVE-2016-3471 Vulnerability (CVE-2016-3471)
OpenSSL CVE-2014-3511 Vulnerability (CVE-2014-3511)
WordPress Plugin SS Quiz Multiple Unspecified Vulnerabilities (1.12)