Unrated severityNVD Advisory· Published Mar 23, 2015· Updated May 6, 2026

CVE-2015-2677

Description

Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ocportal.com/site/news/view/security_issues/xss-vulnerability-patch.htmnvdPatchVendor Advisory
packetstormsecurity.com/files/130729/ocPortal-9.0.16-Cross-Site-Scripting.htmlnvdExploit
ocportal.com/site/news/view/new-releases/ocportal-9-0-17-released.htmnvdVendor Advisory
www.securityfocus.com/archive/1/534817/100/0/threadednvd
www.securitytracker.com/id/1031962nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000