CVE-2014-1877
Dokeos 2.1.1 - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php.
References (5)
Scores
EPSS
0.0027
EPSS Percentile
50.7%
Details
CWE
CWE-79
Status
published
Products (2)
dokeos_project/dokeos
n/a/n/a
Published
Mar 13, 2014
Tracked Since
Feb 18, 2026