Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Aug 2016 06:13:03 +0000
From: 陈瑞琦 <>
To: "" <>
CC: limingxing <>
Subject: CVE request: XSS vulns in Dotclear v2.9.1

I found some XSS vulns in Dotclear v2.9.1

Title: XSS vulns in Dotclear v2.9.1
Author: Chen Ruiqi,
Date: 2016-08-01
Download Site:
Vendor Notified: 2016-08-01
Vendor Contact:
Dotclear is an open source blog publishing application distributed under the GNU GPLv2. Developed originally by Olivier Meunier from 2002, Dotclear has now attracted a solid team of developers.[2] It is relatively popular in French speaking countries, where it is used by several major blogging platforms (Gandi Blogs,[3] Marine nationale,[4] etc.).(Wiki)
There are two reflected XSS vulns in Dotclear v2.9.1 media manager

line 34 $link_type = !empty($_REQUEST['link_type']) ? $_REQUEST['link_type'] : null;
line 62 $q = isset($_REQUEST['q']) ? $_REQUEST['q'] : null;

Lack of filter before put the user-input into the page.
PoC Code:
Fix Code:

Could you assign CVE id for those?

Thank you

Chen Ruiqi
Codesafe Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ