Dotproject@2.1.6 Security Vulnerabilities and Issues — Dotproject@2.1.6 CVE List

Lucene search

DotprojectDotproject2.1.6

2 matches found

CVE•added 2014/10/20 3:55 p.m.•37 views

CVE-2012-5701

Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project...

6.8CVSS8.3AI score0.03389EPSS

CVE•added 2014/10/21 2:55 p.m.•36 views

CVE-2012-5702

Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to ...

4.3CVSS5.6AI score0.01135EPSS