CVE-2012-1039

Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
Cross-site Scripting
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
dotcleardotclear
𝑥
≤ 2.3.1
dotcleardotclear
1.2.1
dotcleardotclear
1.2.2
dotcleardotclear
1.2.3
dotcleardotclear
1.2.4
dotcleardotclear
1.2.5
dotcleardotclear
1.2.6
dotcleardotclear
1.2.7
dotcleardotclear
1.2.8
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0
dotcleardotclear
2.0.1
dotcleardotclear
2.0.2
dotcleardotclear
2.1
dotcleardotclear
2.1.1
dotcleardotclear
2.1.3
dotcleardotclear
2.1.4
dotcleardotclear
2.1.5
dotcleardotclear
2.1.6
dotcleardotclear
2.1.7
dotcleardotclear
2.2
dotcleardotclear
2.2.1
dotcleardotclear
2.2.2
dotcleardotclear
2.2.3
dotcleardotclear
2.3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dotclear
oneiric
dne
natty
dne
maverick
dne
lucid
dne
hardy
dne