CVE-2009-0933

EUVD-2009-0930
Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
dotcleardotclear
𝑥
≤ 2.1.4
dotcleardotclear
1.2.1
dotcleardotclear
1.2.2
dotcleardotclear
1.2.3
dotcleardotclear
1.2.4
dotcleardotclear
1.2.5
dotcleardotclear
1.2.6
dotcleardotclear
1.2.7
dotcleardotclear
1.2.8
dotcleardotclear
2.0
dotcleardotclear
2.0:beta_2
dotcleardotclear
2.0:beta_3
dotcleardotclear
2.0:beta_4
dotcleardotclear
2.0:beta_5.2
dotcleardotclear
2.0:beta_5.4
dotcleardotclear
2.0:beta_6
dotcleardotclear
2.0:beta_7
dotcleardotclear
2.0:rc1
dotcleardotclear
2.0:rc2
dotcleardotclear
2.0.1
dotcleardotclear
2.0.2
dotcleardotclear
2.1
dotcleardotclear
2.1.1
dotcleardotclear
2.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dotclear.org/blog/post/2009/02/05/Dotclear-2.1.5
http://secunia.com/advisories/34181
http://www.securityfocus.com/bid/34036
http://www.vupen.com/english/advisories/2009/0636
https://exchange.xforce.ibmcloud.com/vulnerabilities/49138
http://dotclear.org/blog/post/2009/02/05/Dotclear-2.1.5
http://secunia.com/advisories/34181
http://www.securityfocus.com/bid/34036
http://www.vupen.com/english/advisories/2009/0636
https://exchange.xforce.ibmcloud.com/vulnerabilities/49138