Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the inactive parameter in a tasks action, 2 the date parameter in a calendar dayview action, 3 the callback parameter in a public calendar action,...