Skip to main content

Dotclear CVE-2015-5651

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2015-10-03 vultures@jpcert.or.jp
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 03, 2015 - 22:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected products include: Dotclear. Version information: before 2.8.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2015-8832 HIGH POC
8.8 Feb 09

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authen

CVE-2014-1613 HIGH POC
7.5 May 16

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd coo

CVE-2015-8831 MEDIUM POC
6.1 Feb 09

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to injec

CVE-2014-3781 MEDIUM POC
5.8 Jun 11

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass a

CVE-2016-7902 HIGH
8.8 Jan 04

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authentica

CVE-2012-1039 MEDIUM POC
4.3 Mar 19

Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary

CVE-2016-9268 HIGH
7.2 Nov 10

Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear th

CVE-2016-6523 MEDIUM
6.1 Dec 09

Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers

CVE-2014-3782 MEDIUM
6.0 Jun 11

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear

CVE-2017-6446 MEDIUM
6.1 Mar 05

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order paramete

CVE-2024-27626 MEDIUM
6.1 Mar 21

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. Rated medium severity

CVE-2014-3783 MEDIUM
6.0 May 22

SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the

Share

CVE-2015-5651 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy