CVE-2018-5689

NONE EPSS 55.3%
Published Jan 14, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jan 14, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.

Threat Intelligence

EPSS Exploit Probability
55.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
dotcleardotclear2.12.1any

References 2

  • dev.dotclear.org http://dev.dotclear.org/2.0/changeset/3b0b868d58b00a1b216e0dc13c461bb3550ed3da
    Vendor Advisory
  • hg.dotclear.org https://hg.dotclear.org/dotclear/rev/3b0b868d58b0
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.