CVE-2006-3240

Опубликовано: 27 июн. 2006

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

Ссылки

http://dotproject.cvs.sourceforge.net/dotproject/dotproject/classes/ui.class.php?r1=1.113&r2=1.114
Patch
Vendor Advisory
http://jvn.jp/jp/JVN%2339188922/index.html
Third Party Advisory
http://secunia.com/advisories/20822
Broken Link
Not Applicable
http://sourceforge.net/project/shownotes.php?release_id=427236
Patch
Third Party Advisory
http://www.securityfocus.com/bid/18650
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2006/2509
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/27585
Broken Link
Third Party Advisory
VDB Entry
http://dotproject.cvs.sourceforge.net/dotproject/dotproject/classes/ui.class.php?r1=1.113&r2=1.114
Patch
Vendor Advisory
http://jvn.jp/jp/JVN%2339188922/index.html
Third Party Advisory
http://secunia.com/advisories/20822
Broken Link
Not Applicable
http://sourceforge.net/project/shownotes.php?release_id=427236
Patch
Third Party Advisory
http://www.securityfocus.com/bid/18650
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2006/2509
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/27585
Broken Link
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dotproject:dotproject:*:*:*:*:*:*:*:*

Версия до 2.0.3 (включая)

EPSS

Процентиль: 70%

0.00633

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rfx6-fxwp-4rpg

github

почти 4 года назад