DCP-Portal XSS Network Vulnerability

Summary

You are running a version of DCP-Portal which is older or equals to v5.3.2 This version is vulnerable to: - Cross-site scripting flaws in calendar.php script, which may let an attacker to execute arbitrary code in the browser of a legitimate user. In addition to this, your version may also be vulnerable to: - HTML injection flaws, which may let an attacker to inject hostile HTML and script code that could permit cookie-based credentials to be stolen and other attacks. - HTTP response splitting flaw, which may let an attacker to influence or misrepresent how web content is served, cached or interpreted.

Solution

Upgrade to a newer version when available

References

http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0131.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2511, CVE-2004-2512
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Afian 'includer.php' Directory Traversal Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability
Adobe JRun Management Console Multiple Vulnerabilities
AN Guestbook Local File Inclusion Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities