CVE-2003-1536

Name of the Vulnerable Software and Affected Versions DCP-Portal version 5.3.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the q parameter to the "search.php" endpoint and the year parameter to the "calendar.php" endpoint are vulnerable.

Recommendations For DCP-Portal version 5.3.1, as a temporary workaround, consider restricting access to the "search.php" and "calendar.php" endpoints until a patch is available. Avoid using the q parameter in the "search.php" endpoint and the year parameter in the "calendar.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.