Summary
You are running DCP-Portal version 5.3.2 or older.
This version is vulnerable to:
- Cross-site scripting flaws in the calendar.php script, which may let an attacker execute arbitrary code in the browser of a legitimate user.
In addition, your version may also be vulnerable to:
- HTML injection flaws, which may let an attacker inject hostile HTML and script code that could permit theft of cookie-based credentials and other attacks.
- An HTTP response splitting flaw, which may let an attacker influence or misrepresent how web content is served, cached or interpreted.
Solution
Upgrade to a newer version when one becomes available.
References
Severity
Classification
- CVE: CVE-2004-2511, CVE-2004-2512
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Related Vulnerabilities
- Admidio get_file.php Remote File Disclosure Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability