Description

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.

Remediation

References

CVE-2017-6446

Related Vulnerabilities

Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12385)

WordPress Plugin User Rights Access Manager Security Bypass (1.0.5)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4999)

WordPress Plugin Google Drive for WordPress Arbitrary File Deletion (2.2)

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-3403)

Severity

Medium

Classification

CVE-2017-6446 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities