dotProject Multiple XSS and SQL Injection Vulnerabilities

Summary
The host is running dotProject, which is prone to multiple cross-site scripting (XSS) and SQL injection vulnerabilities.
Impact
Successful exploitation will allow attackers to steal the cookie-based authentication credentials of users and administrators, and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Impact Level: Application
Solution
Upgrade to dotProject version 2.1.3 or later. For updates, see http://www.dotproject.net/
Insight
The flaws exist due to:
- improper sanitisation of the input values passed to the inactive, date, calendar, callback, day_view, public, dialog and ticketsmith parameters of index.php before they are returned to the user (XSS); and
- failure to validate the input passed to the tab and user_id parameters of index.php before it is used in SQL queries (SQL injection).
Affected
dotProject version 2.1.2 and prior on all platforms.
Updated on 2017-03-28