vulnerability

Ubuntu: (CVE-2018-16358): dotclear vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Sep 2, 2018	Jun 26, 2025	Jun 26, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Sep 2, 2018

Added

Jun 26, 2025

Modified

Jun 26, 2025

Description

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.

Solution

no-fix-ubuntu-package

References

CVE-2018-16358
https://attackerkb.com/topics/CVE-2018-16358
URL-https://hg.dotclear.org/dotclear/rev/d4841d6d65d6
URL-https://www.cve.org/CVERecord?id=CVE-2018-16358

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today