[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-8831Date: (C)2017-02-11   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.1CVSS Score : 4.3
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 2.7Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: NONE
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
http://seclists.org/fulldisclosure/2015/Nov/59
BID-96377
http://www.openwall.com/lists/oss-security/2016/03/05/4
http://www.openwall.com/lists/oss-security/2016/03/07/5
http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
http://packetstormsecurity.com/files/134353/dotclear-2.8.1-Cross-Site-Scripting.html
https://blog.curesec.com/article/blog/dotclear-281-XSS-94.html
https://hg.dotclear.org/dotclear/rev/65e65154dadf

CPE    1
cpe:/a:dotclear:dotclear
CWE    1
CWE-79

© SecPod Technologies