Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter.
CPE | Name | Operator | Version |
---|---|---|---|
simplerisk | eq | <= 20130915-1 |