NVD
- Id
- 22511
- Name
- CVE-2016-9891
- Description
- Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
- Reject
- CVSS Version
- 2
- CVSS Score
- 3.5
- Severity
- Low
- CVSS Base Score
- 3.5
- CVSS Impact Subscore
- 2.9
- CVSS Exploit Subscore
- 6.8
- CVSS Vector
- (AV:N/AC:M/Au:S/C:N/I:P/A:N)
- Pub Date
- 2017-01-19
- Published
- 2016-12-29
- Modified Date
- 2017-01-03
- Seq
- 2016-9891