|
Description
|
|
(#Several vulnerabilities have been identified in DotClear:#- arbitrary code execution: an authenticated remote attacker could exploit it (via the "dotclear/admin/media.php?popup=1&plugin_id=dcLegacyEditor" page) by uploading a file with extension pht, phps, or phtml, in order to execute arbitrary code. In order to exploit this vulnerability, the attacker must have an account with "manage their own media items" and "manage their own entries and comments" privileges##- cross-site scripting: A remote attacker can exploit it in order to execute arbitrary JavaScript or HTML code by inciting their victim into following a specially formed link.#The vulnerability is located in the author name field of a comment which is then echoed to a hidden input tag.##Proofs of concept are available.)
|
