CVE-2008-3886

Name of the Vulnerable Software and Affected Versions dotProject version 2.1.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters in different actions, including the inactive parameter in a "tasks" action, the date parameter in a "calendar day view" action, the callback parameter in a "public calendar" action, or the type parameter in a "ticketsmith" action.

Recommendations For dotProject version 2.1.2, update to a version that addresses these XSS vulnerabilities to prevent remote attackers from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting access to the affected parameters, such as inactive, date, callback, and type, in their respective actions until a patch is available.