CVE-2015-8831 — MEDIUM (6.1)

Q: What is CVE-2015-8831?

CVE-2015-8831 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.

Q: How severe is CVE-2015-8831?

CVE-2015-8831 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8831?

Check the references section above for vendor advisories and patch information. Affected products include: Dotclear Dotclear.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Dotclear	Dotclear	<= 2.8.1

Related Weaknesses (CWE)

CWE-79

References

http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2Release NotesVendor Advisory
http://packetstormsecurity.com/files/134353/dotclear-2.8.1-Cross-Site-Scripting.ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2015/Nov/59Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/03/05/4Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/03/07/5Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/96377
https://blog.curesec.com/article/blog/dotclear-281-XSS-94.htmlExploitPatchThird Party Advisory
https://hg.dotclear.org/dotclear/rev/65e65154dadfIssue TrackingPatchVendor Advisory
http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2Release NotesVendor Advisory
http://packetstormsecurity.com/files/134353/dotclear-2.8.1-Cross-Site-Scripting.ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2015/Nov/59Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/03/05/4Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/03/07/5Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/96377
https://blog.curesec.com/article/blog/dotclear-281-XSS-94.htmlExploitPatchThird Party Advisory

FAQ

What is CVE-2015-8831?

CVE-2015-8831 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.

How severe is CVE-2015-8831?

CVE-2015-8831 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8831?

Check the references section above for vendor advisories and patch information. Affected products include: Dotclear Dotclear.