JVNDB-2007-000454

dotProject cross-site scripting vulnerability

Overview

dotProject, an open source project management tool, contains a cross-site scripting vulnerability.

This vulnerability is different from JVN#97636431.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


dotProject
  • dotProject 2.0.4 and earlier

Impact

An arbitrary script may be executed in the user's web browser. In particular, if session information stored in a cookie is leaked, the session could be hijacked.

Solution

[Update the Software]

The developer has released dotProject version 2.1 RC2, which addresses this vulnerability. We recommend that users upgrade to this version.

Vendor Information

dotProject

CWE

CVE

  1. CVE-2007-3226

References

  1. JVN : JVN#63602912
  2. National Vulnerability Database (NVD) : CVE-2007-3226
  3. Secunia Advisory : SA25638

Revision History

  • [2008/05/21]
      Web page published