CVE-2017-6446
CVE-2017-6446 is a cross-site scripting issue in Dotclear 2.11.2 that affects admin/blogs.php and admin/users.php through the sortby and order parameters. NVD rates the issue at CVSS 3.0 6.1 (MEDIUM) and maps it to CWE-79.
These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2015-8832 is a high-severity authenticated remote code execution issue in Dotclear before 2.8.2. The vulnerable upload handling in inc/core/class.dc.core.php used incomplete blacklist filtering, allowing a user with limited management permissions to upload PHP-capable files such as .pht, .phps, or .phtml and execute server-side code.
CVE-2015-8831 is a cross-site scripting issue in Dotclear affecting versions through 2.8.1. According to NVD, the flaw is in admin/comments.php and can let a remote attacker inject arbitrary web script or HTML through the author name field in a comment. The vulnerable condition was addressed in Dotclear 2.8.2, and NVD assigns CWE-79 with a medium severity score.