Description
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
Remediation
References
Related Vulnerabilities
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2007-6750)
Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2024-45808)
Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-1967)
PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-9119)