Cross-Site Scripting (XSS) Vulnerability in Dotclear Media Manager

Cross-Site Scripting (XSS) Vulnerability in Dotclear Media Manager

CVE-2018-16358 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.

Learn more about our User Device Pen Test.