2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in DCP-Portal 6.1.1 and earlier, with registerglobals enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 itsurl parameter in the documents page and 2 url parameter in the sendwrite page of a index.php; 3 subject, and ...
CVE-2004-2511
CVE-2004-2511 affects DCP-Portal 5.3.2 and earlier. The issue is multiple XSS vectors in calendar.php, index.php, annou ncement.php, news.php, contents.php, search.php, and register.php via various parameters (year/month/day, cid, url, q, country, etc.). Root cause: insufficient input sanitizatio...