This script is Copyright (C) 2003-2010 k-otik.com & Copyright (C) 2004-2014 David Maciejak
The remote web server contains a PHP application that is affected by
The version of DCP-Portal installed on the remote host fails to
sanitize input to the script 'calendar.php' before using it to
generate dynamic HTML, that could let an attacker execute arbitrary
code in the browser of a legitimate user.
It may also be affected by HTML injection flaws, which could let an
attacker to inject hostile HTML and script code that could permit
cookie-based credentials to be stolen and other attacks, and HTTP
response splitting flaw, that could let an attacker to influence or
misrepresent how web content is served, cached or interpreted.
DCP-Portal has been reported to be vulnerable to an HTTP response
splitting attack via the PHPSESSID parameter when passed to the
calendar.php script. However, Nessus has not checked for this issue.
See also :
Unknown at this time.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 11446 (dcp_portal_xss.nasl)
Bugtraq ID: 71417144113381133911340
CVE ID: CVE-2003-1536CVE-2004-2511CVE-2004-2512
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.