Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DotClear 跨站脚本漏洞
Vulnerability Description
DotClear 1.2.6版本中存在多个跨站请求伪造漏洞。远程攻击者可以借助(1)对ecrire/tools.php的tool_url参数和(2)blogconf,(3)blogroll,(4)ecrire/redacteur.php,以及(5)ecrire/user_prefs.php页中的多个字段,像任意用户一样执行操作。
CVSS Information
N/A
Vulnerability Type
N/A