Projectforge : Security Vulnerabilities, CVEs,

CVE-2013-7251

Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/.
Max CVSS
6.8
EPSS Score
0.34%
Published
2014-01-02
Updated
2016-12-31

CVE-2013-7250

Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.
Max CVSS
3.5
EPSS Score
0.10%
Published
2014-01-02
Updated
2016-12-31

CVE-2011-5269

Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message.
Max CVSS
3.5
EPSS Score
0.06%
Published
2014-01-02
Updated
2014-01-02
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close