Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge prior to 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
projectforge projectforge |
||
projectforge projectforge 5.1 |
||
projectforge projectforge 5.0 |