Multiple Cross-Site Scripting Vulnerabilities in Dotclear Web Publishing System
CVE-2012-1039

Currently unrated

Key Information:

Vendor

Dotclear

Status
Dotclear
Vendor
CVE Published:
19 March 2012

What is CVE-2012-1039?

Dotclear, a web publishing system, suffers from multiple cross-site scripting (XSS) vulnerabilities that can be exploited by remote attackers. These vulnerabilities allow attackers to inject arbitrary scripts or HTML code through various parameters, including: 'login_data' in admin/auth.php, 'nb' in admin/blogs.php, and several parameters in admin/comments.php such as 'type', 'sortby', 'order', and 'status', as well as the 'page' parameter in admin/plugin.php. Successful exploitation could lead to unauthorized actions on behalf of users or the theft of sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.htbridge.ch/advisory/HTB23074
x_refsource_MISC
http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/73565
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.