17 matches found
EUVD-2013-7029
Malware in sbrugna...
EUVD-2013-7028
Malware in sbrugna...
EUVD-2011-5168
Malware in sbrugna...
CVE-2011-5269
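Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message...
ProjectForge cross-site request forgery and cross-site scripting vulnerabilities
ProjectForge is a web-based project management solution that includes timesheets, expense management, project Gantt charts, and control and management of work breakdown structures. (1) Certain unspecified input is not properly sanitized before being used in JSON autocompletion responses; an attacker can exploit this to inject arbitrary HTML and script code in the context of a user's browser session when the user views the malicious data. (2) The application allows users to perform certain actions via HTTP requests without proper validity checks. When a logged-in user visits a specially crafted web page, an attacker can perform certain unspecified actions. 0 ProjectForge 5.x ProjectForge version 5.3 fixes this vulnerability; users are advised to download and use it: http://www.projectforge.org/...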
CVE-2013-7250
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java...
CVE-2013-7251
Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/...
CVE-2011-5269
Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java...
CVE-2011-5269
CVE-2011-5269 affects ProjectForge prior to 3.5.3, where remote authenticated users can inject arbitrary web script or HTML through a validation message (XSS). The issue arises in the validation/message handling, enabling script execution in an authenticated user’s context. No exploitation detail...
CVE-2013-7250
CVE-2013-7250: XSS in ProjectForge (JsonBuilder) before 5.3 allows remote authenticated users to inject scripts via an autocompletion string. Affected: web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java. Impact: cross-site scripting; fix/mitigation: upgrade to 5.3...
CVE-2013-7251
Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/...
CVE-2013-7250
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java...
CVE-2013-7251
CVE-2013-7251 concerns CSRF vulnerabilities in ProjectForge prior to version 5.3, enabling remote attackers to hijack user authentication via multiple web paths (web/admin/, web/core/, web/dialog/, web/fibu/, web/mobile/, web/task/, web/wicket/). Affected product: ProjectForge; affected component...
CVE-2011-5269
Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message...