CVE-2018-16358

CVE-2018-16358

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.

Source: CVE-2018-16358

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다