Description

Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).

Remediation

References

CVE-2016-9891

Related Vulnerabilities

WordPress Plugin Slimstat Analytics Cross-Site Scripting (0.9.2)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2158)

Grafana Improper Authentication Vulnerability (CVE-2021-39226)

WebLogic CVE-2018-2893 Vulnerability (CVE-2018-2893)

WordPress Plugin WordPress Popular Posts TimThumb Arbitrary File Upload (2.1.4)

Severity

Medium

Classification

CVE-2016-9891 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities