Description
Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Michail Poultsakis · textwebappsphp
https://www.exploit-db.com/exploits/36660
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/78823
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51842
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47854
Exploit x_refsource_misc
http://dl.packetstormsecurity.net/1202-exploits/projectopen-xss.txt
Exploit, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/732115
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72952
Scores
EPSS
0.1784
EPSS Percentile
95.2%
Details
CWE
CWE-79
Status
published
Products (2)
project-open/\]project-open\[
3.4.0
project-open/\]project-open\[
3.5.0.1-2
Published
Feb 08, 2012
Tracked Since
Feb 18, 2026