Summary
You are running a version of DCP-Portal which is older or equals to v5.3.2
This version is vulnerable to:
- Cross-site scripting flaws in calendar.php script, which may let an attacker to execute arbitrary code in the browser of a legitimate user.
In addition to this, your version may also be vulnerable to:
- HTML injection flaws, which may let an attacker to inject hostile HTML and script code that could permit cookie-based credentials to be stolen and other attacks.
- HTTP response splitting flaw, which may let an attacker to influence or misrepresent how web content is served, cached or interpreted.
Solution
Upgrade to a newer version when available
References
Severity
Classification
-
CVE CVE-2004-2511, CVE-2004-2512 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities