VYPR
Medium severity5.4OSV Advisory· Published Sep 2, 2018· Updated Jun 17, 2026

CVE-2018-16358

CVE-2018-16358

Description

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dotclear/DotclearOSV2 versions
    2.14.0, 2.14.1, 2.3.0, …+ 1 more
    • (no CPE)range: 2.14.0, 2.14.1, 2.3.0, …
    • (no CPE)range: <=2.14.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.