CVE-2006-2851

Published: Jun 6, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.

Affected (3)

Products: Dotproject: Dotproject

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dotproject Dotproject	Version 2.0.1
Dotproject Dotproject	Version 2.0.2
Dotproject Dotproject	Version 2.0

References (12)

http://jvn.jp/jp/JVN%2397636431/index.html

Source: cve@mitre.org

http://secunia.com/advisories/20418

Source: cve@mitre.org

ExploitVendor Advisory

http://sourceforge.net/project/shownotes.php?release_id=422371

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/18275

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2124

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26904

Source: cve@mitre.org

http://jvn.jp/jp/JVN%2397636431/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20418

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://sourceforge.net/project/shownotes.php?release_id=422371

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/18275

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/2124

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/26904

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.