Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dcp-portal | Codeworx_technologies | 3.7 (including) | 3.7 (including) |
| Dcp-portal | Codeworx_technologies | 4.0 (including) | 4.0 (including) |
| Dcp-portal | Codeworx_technologies | 4.1 (including) | 4.1 (including) |
| Dcp-portal | Codeworx_technologies | 4.2 (including) | 4.2 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=101379217032525\u0026w=2
- http://www.dcp-portal.com/contents.php?id=18
- http://www.securityfocus.com/bid/4112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8197
- http://marc.info/?l=bugtraq\u0026m=101379217032525\u0026w=2
- http://www.dcp-portal.com/contents.php?id=18
- http://www.securityfocus.com/bid/4112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8197