CVE-2018-5690
NONE EPSS 55.3%
Published Jan 14, 20188y ago · Modified Jun 17, 20262w ago
Published Jan 14, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
Threat Intelligence
EPSS Exploit Probability
55.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| dotclear | dotclear | 2.12.1 | any |
References 2
- dev.dotclear.org http://dev.dotclear.org/2.0/changeset/3b0b868d58b00a1b216e0dc13c461bb3550ed3da
- hg.dotclear.org https://hg.dotclear.org/dotclear/rev/3b0b868d58b0
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.