- Home
- CVEs with nessus.description==The version of DCP-Portal installed on the remote host fails to sanitize input to the script 'calendar.php' before using it to generate dynamic HTML, that could let an attacker execute arbitrary code in the browser of a legitimate user.
It may also be affected by HTML injection flaws, which could let an attacker to inject hostile HTML and script code that could permit cookie-based credentials to be stolen and other attacks, and HTTP response splitting flaw, that could let an attacker to influence or misrepresent how web content is served, cached or interpreted.
DCP-Portal has been reported to be vulnerable to an HTTP response splitting attack via the PHPSESSID parameter when passed to the calendar.php script. However, Nessus has not checked for this issue.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top