PT-2002-2043 · Double Choco Latte · Double Choco Latte

Published

2002-08-31

Updated

2016-10-18

CVE-2002-1037

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Double Choco Latte (DCL) versions prior to 20020706

Description: A cross-site scripting issue allows remote attackers to inject arbitrary HTML, including script, into web pages via several features, including Ticket# Find, Priorities, Severities, Projects, WO# Find, Departments, and Users.

Recommendations: For versions prior to 20020706, update to a version released after 20020706 to resolve the issue. As a temporary workaround, consider restricting user input in the affected features to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1037

Affected Products

Double Choco Latte

PT-2002-2043 · Double Choco Latte · Double Choco Latte

CVE-2002-1037

Related Identifiers

Affected Products

References · 6