CVE-2014-5316

NONE EPSS 64.1%
Published Sep 22, 201411y ago · Modified Jun 17, 20262w ago
Find Similar
Published Sep 22, 2014 11y ago
Last Modified Jun 17, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.

Threat Intelligence

EPSS Exploit Probability
64.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 37

VendorProductVersionRange
dotcleardotclear* ≤2.6.3
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0any
dotcleardotclear2.0.1any
dotcleardotclear2.0.2any
dotcleardotclear2.1any
dotcleardotclear2.1.1any
dotcleardotclear2.1.3any
dotcleardotclear2.1.4any
dotcleardotclear2.1.5any
dotcleardotclear2.1.6any
dotcleardotclear2.1.7any
dotcleardotclear2.2any
dotcleardotclear2.2.1any
dotcleardotclear2.2.2any
dotcleardotclear2.2.3any
dotcleardotclear2.3.0any
dotcleardotclear2.3.1any
dotcleardotclear2.4.2any
dotcleardotclear2.4.3any
dotcleardotclear2.4.4any
dotcleardotclear2.5.0any
dotcleardotclear2.5.1any
dotcleardotclear2.5.2any
dotcleardotclear2.5.3any
dotcleardotclear2.6any
dotcleardotclear2.6any
dotcleardotclear2.6.1any
dotcleardotclear2.6.2any

References 4

  • dotclear.org http://dotclear.org/blog/post/2014/08/18/Dotclear-2.6.4
    PatchVendor Advisory
  • jvn.jp http://jvn.jp/en/jp/JVN61637002/index.html
    Vendor Advisory
  • jvndb.jvn.jp http://jvndb.jvn.jp/jvndb/JVNDB-2014-000110
  • securityfocus.com http://www.securityfocus.com/bid/69985

Remediation

  • dotclear.org http://dotclear.org/blog/post/2014/08/18/Dotclear-2.6.4
    PatchVendor Advisory