Description
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin SagePay Server Gateway for WooCommerce Cross-Site Scripting (1.0.8)
IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2018-1814)
WordPress Plugin PhastPress Open Redirect (1.110)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)