CVE-2007-1576 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0 when magic_quotes_gpc is disabled allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects (2) Contacts (3) Helpdesk (4) Search (only Gecko engine driven Browsers) and (5) Notes modules; the (6) Mail summary page; and unspecified other files.
Reference
http://osvdb.org/34064 http://osvdb.org/34065 http://osvdb.org/34066 http://osvdb.org/34067 http://osvdb.org/34068 http://osvdb.org/34069 http://secunia.com/advisories/24509 http://secunia.com/advisories/25748 http://security.gentoo.org/glsa/glsa-200706-07.xml http://securityreason.com/securityalert/2459 http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php http://www.phprojekt.com/index.php?name=News&file=article&sid=276 http://www.securityfocus.com/archive/1/462788/100/0/threaded http://www.securityfocus.com/bid/22957
Share on: