6 matches found
CVE-2012-5702
Multiple cross-site scripting XSS vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the 1 callback parameter in a colorselector action, 2 field parameter in a dateformat action, or 3 companyname parameter in an addedit action to index.php...
CVE-2012-5702
dotProject is affected by CVE-2012-5702 (XSS) in versions up to 2.1.6/2.1.x. The vulnerability arises from input sanitation errors in index.php when handling GET parameters: callback, field, company_name (2.1), and also date (2.4) in day_view. An attacker can inject arbitrary HTML/JavaScript that...
Multiple vulnerabilities in dotProject
Advisory ID: HTB23124 Product: dotProject Vendor: dotproject.net Vulnerable Versions: 2.1.6 and probably prior Tested Version: 2.1.6 Vendor Notification: October 31, 2012 Vendor Patch: November 7, 2012 Public Disclosure: November 21, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site...
dotProject 2.1.6 Cross Site Scripting / SQL Injection
dotProject version 2.1.6 suffers from cross site scripting and remote SQL injection vulnerabilities. Product: dotProject Vendor: dotproject.net Vulnerable Versions: 2.1.6 and probably prior Tested Version: 2.1.6 Vendor Notification: October 31, 2012 Vendor Patch: November 7, 2012 Public Disclosur...
dotProject 2.1.6 Cross Site Scripting / SQL Injection
Advisory ID: HTB23124 Product: dotProject Vendor: dotproject.net Vulnerable Versions: 2.1.6 and probably prior Tested Version: 2.1.6 Vendor Notification: October 31, 2012 Vendor Patch: November 7, 2012 Public Disclosure: November 21, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site...
CVE-2012-5702
creationtimestamp| type| source ---|---|--- 2012-11-21 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38043...