Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
dotProject 'index.php'跨站攻击漏洞
Vulnerability Description
DotProject是一个免费的开源软件,一个基于WEB的PHP软件系统,一个项目管理的Framework。 dotProject 2.1.2版本中的index.php存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)任务操作中的inactive参数,(2)日历日-查看操作中的日期参数,(3)public calendar操作中的callback参数 ,或(4)ticketsmith操作中的类型参数,注入任意的web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A