Medium severity6.1NVD Advisory· Published Feb 9, 2017· Updated Jun 17, 2026
CVE-2015-8831
CVE-2015-8831
Description
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
8- seclists.org/fulldisclosure/2015/Nov/59nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2016/03/05/4nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2016/03/07/5nvdMailing ListPatchThird Party Advisory
- hg.dotclear.org/dotclear/rev/65e65154dadfnvdIssue TrackingPatchVendor Advisory
- packetstormsecurity.com/files/134353/dotclear-2.8.1-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
- blog.curesec.com/article/blog/dotclear-281-XSS-94.htmlnvdExploitPatchThird Party Advisory
- dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2nvdRelease NotesVendor Advisory
- www.securityfocus.com/bid/96377nvd
News mentions
0No linked articles in our index yet.