2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in DCP-Portal 6.1.1 and earlier, with registerglobals enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 itsurl parameter in the documents page and 2 url parameter in the sendwrite page of a index.php; 3 subject, and ...
CVE-2006-0220
CVE-2006-0220 is an XSS vulnerability in DCP-Portal (versions 5.3–6.1.1). The issue allows remote attackers to inject arbitrary script via the day parameter in calendar.php and via the input form in search.php. Details are corroborated by multiple sources (PRION entries and CVE records) noting th...