3 matches found
CVE-2015-8831
Cross-site scripting XSS vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment...
CVE-2015-8831
Cross-site scripting XSS vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment...
CVE-2015-8831
Dotclear before 2.8.2 contains an XSS vulnerability in admin/comments.php that lets remote attackers inject arbitrary script or HTML through the author name in a comment. Root cause: insufficient input sanitization of the author field in comments; impact is user-facing script execution (per the C...