3 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the 1 callback parameter in a colorselector action, 2 field parameter in a dateformat action, or 3 companyname parameter in an addedit action to index.php...
CVE-2008-3886
Multiple cross-site scripting XSS vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the inactive parameter in a tasks action, 2 the date parameter in a calendar dayview action, 3 the callback parameter in a public calendar action,...
CVE-2008-3886
CVE-2008-3886: dotProject 2.1.2 contains multiple XSS flaws in index.php, exploitable via (1) inactive (tasks action), (2) date (calendar day_view), (3) callback (public calendar), or (4) type (ticketsmith). The issue arises from reflected/scriptable input in these parameters, enabling remote inj...