Ticket #2242 (closed defect: wontfix)
XSS issue
| Reported by: | cain | Owned by: | team |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | module:plugins | Version: | 2.11.2 |
| Severity: | critical | Keywords: | |
| Cc: | | | |
Description
An XSS issue was discovered in Dotclear through 2.11.2. To exploit this vulnerability, someone must have an account that can use an editor to edit content. Dotclear has the dcCKEditor and dcLegacyEditor editors by default. When using them to edit content, the attacker can inject any JavaScript code into the content in source mode, leading to stored XSS.
Change History