Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.
CPE | Name | Operator | Version |
---|---|---|---|
projectforge | le | 5.2 | |
projectforge | eq | 5.1 | |
projectforge | eq | 5.0 |