Dotclear · Dotclear · CVE-2018-5690
Name of the Vulnerable Software and Affected Versions:
Dotclear version 2.12.1
Description:
A cross-site scripting (XSS) issue in the admin/users.php file allows remote authenticated users to inject arbitrary web script or HTML via the `nb` parameter (the page limit number).
Recommendations:
Update Dotclear version 2.12.1 to a version that fixes this issue to prevent exploitation.
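
One way to handle a page-limit parameter such as `nb` so that it cannot carry markup into the admin page, shown as an added example; it is not Dotclear's code or its actual fix. The function names, the default of 30 and the maximum of 500 are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not Dotclear code. Names and bounds are assumptions.
const DEFAULT_PAGE_SIZE = 30;   // assumed default page limit
const MAX_PAGE_SIZE     = 500;  // assumed upper bound

/**
 * Parse a page-limit value taken from the query string.
 * Anything that is not a plain integer within range falls back to the
 * default, so the value handed to the template is always an int.
 */
function parse_page_limit(mixed $raw): int
{
    if (!is_string($raw)) {          // e.g. nb[]=25 arrives as an array
        return DEFAULT_PAGE_SIZE;
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_PAGE_SIZE],
    ]);
    return $n === false ? DEFAULT_PAGE_SIZE : $n;
}

/** Render the limit field; encode on output even though the value is an int. */
function render_limit_field(int $nb): string
{
    $value = htmlspecialchars((string) $nb, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="number" name="nb" min="1" max="' . MAX_PAGE_SIZE
        . '" value="' . $value . '">';
}

// Constructed sample inputs, as they might arrive in $_GET['nb'].
$samples = ['25', '0', '9999', '25"><b>x</b>', ['25'], null];
foreach ($samples as $raw) {
    $nb = parse_page_limit($raw);
    echo str_pad((string) json_encode($raw), 22), ' => ', render_limit_field($nb), PHP_EOL;
}
```

Only the first sample is accepted as given; every other input renders with the default value, and no part of the raw string reaches the HTML.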