Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dotclear media manager 跨站脚本漏洞
Vulnerability Description
Dotclear是软件开发者Olivier Meunier所研发的一套免费的基于PHP和MySQL的博客(Blog)发布软件。media manager是其中的一个媒体管理组件。 Dotclear 2.14.1及之前版本中的media manager的inc/core/class.dc.core.php文件存在跨站脚本漏洞,该漏洞源于media manager允许上传.ahtml(或.bhtml,.chtml...)文件。远程攻击者可通过上传含有XSS载荷的HTML内容利用该漏洞注入任意的Web脚本或HT
CVSS Information
N/A
Vulnerability Type
N/A