CVE-2013-7250
CVE-2013-7250: XSS in ProjectForge (JsonBuilder) before 5.3 allows remote authenticated users to inject scripts via an autocompletion string. Affected: web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java. Impact: cross-site scripting; fix/mitigation: upgrade to 5.3...