{"id":"CVE-2016-6523","details":"Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.","modified":"2026-04-10T03:52:42.512810Z","published":"2016-12-09T20:59:03.047Z","references":[{"type":"ADVISORY","url":"https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92272"},{"type":"FIX","url":"https://hg.dotclear.org/dotclear/rev/40d0207e520d"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/08/02/13"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/08/02/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotclear/dotclear","events":[{"introduced":"0"},{"last_affected":"c8cf6e1e529ab930ed46e53d30201557587d35b7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.9.1"}]}}],"versions":["2.3.0","2.4.0","2.9.0","2.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6523.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}