CVE-2013-7250
ProjectForge <5.3 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.
References (4)
Scores
EPSS
0.0018
EPSS Percentile
39.4%
Details
CWE
CWE-79
Status
published
Products (4)
projectforge/projectforge
< 5.2
projectforge/projectforge
projectforge/projectforge
n/a/n/a
Published
Jan 02, 2014
Tracked Since
Feb 18, 2026