CMS Dotclear version 2.4.4 suffers from cross site scripting and content spoofing vulnerabilities.
625cc001772f2b42ce6045d05996c1d2b54a79d66309e300357424fc1b5ada2f
Dotclear, InstantCMS, AionWeb, and Dolphin all include a version of swfupload.swf that suffers from a cross site scripting vulnerability.
a2a158397ae79c78e46a0c4935d002352662c55b69f1181ce13b4acd1f39d885