Cross-site scripting (XSS) vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter (aka the media title).
{
"cpe": "cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.10.4"
}
],
"source": "CPE_RANGE"
}