Description
Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.
Remediation
References
Related Vulnerabilities
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.25)
Drupal Core 8.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.3.6)
PHP Out-of-bounds Read Vulnerability (CVE-2020-7059)
OpenSSL Inadequate Encryption Strength Vulnerability (CVE-2014-0224)
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2023-28334)