CVE-2012-1039

Dotclear < 2.4.2 - Cross-Site Scripting via Multiple Admin Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2012-1039. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Dotclear 2.4.1.2 by injecting arbitrary JavaScript code via the 'tag' parameter in the admin plugin interface. The payload executes an alert with the user's cookies, proving the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.

Exploits (4)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36891

This exploit demonstrates a reflected XSS vulnerability in Dotclear 2.4.1.2 by injecting arbitrary JavaScript code via the 'tag' parameter in the admin plugin interface. The payload executes an alert with the user's cookies, proving the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Dotclear 2.4.1.2
Auth required
Prerequisites: Access to the admin plugin interface · User interaction to trigger the payload
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36890

This exploit demonstrates multiple XSS vulnerabilities in Dotclear by injecting JavaScript via URL parameters. The PoC shows how unsanitized input in the admin interface can lead to arbitrary script execution.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Dotclear 2.4.1.2 (and prior versions)
Auth required
Prerequisites: Access to the admin interface · User interaction (clicking a malicious link)
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36889

This exploit demonstrates a reflected XSS vulnerability in Dotclear by injecting a malicious script via the 'nb' parameter in the admin/blogs.php page. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Dotclear 2.4.1.2
No auth needed
Prerequisites: Access to the vulnerable admin/blogs.php endpoint
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · htmlwebappsphp
https://www.exploit-db.com/exploits/36888

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Dotclear by injecting malicious JavaScript into the 'login_data' parameter. The PoC submits a form with crafted input to trigger the XSS, potentially stealing cookies or performing other client-side attacks.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Dotclear 2.4.1.2 (and prior versions)
No auth needed
Prerequisites: Access to the target's admin/auth.php endpoint
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Patch, Vendor Advisory x_refsource_confirm
http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73565
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52221
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-02/0183.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48209

Scores

EPSS 0.0403
EPSS Percentile 89.4%

Details

CWE
CWE-79
Status published
Products (24)
dotclear/dotclear 1.2.1
dotclear/dotclear 1.2.2
dotclear/dotclear 1.2.3
dotclear/dotclear 1.2.4
dotclear/dotclear 1.2.5
dotclear/dotclear 1.2.6
dotclear/dotclear 1.2.7
dotclear/dotclear 1.2.8
dotclear/dotclear 2.0 (10 CPE variants)
dotclear/dotclear 2.0.1
... and 14 more
Published Mar 19, 2012
Tracked Since Feb 18, 2026