Published: 2006/06/05  Last Updated: 2008/05/21

JVN#97636431
dotProject cross-site scripting vulnerability

Overview

dotProject, an open source project management tool, contains a cross-site scripting vulnerability.

Products Affected

  • dotProject 2.0.2 and earlier

As of June 5, 2006, Internet Explorer is confirmed to be affected by this vulnerability. Mozilla Firefox and Opera are confirmed not to be affected.

Description

Impact

An arbitrary script may be executed in the user's web browser. If session information stored in a cookie is leaked, an attacker may be able to hijack the user's session.

Solution

Vendor Status

Vendor: dotProject
Link: Welcome to dotProject.net

References

JPCERT/CC Addendum

Credit

Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JVN iPedia JVNDB-2006-000622

Update History