CVE-2006-3240

Name: CVE-2006-3240
Creator: NVD / NIST
Published: 2006-06-27T10:05:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.25%

Last modified Jun 16, 2026

CVE-2006-3240 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.. EPSS estimates a 2.25% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

Metrics

EPSS Probability

2.25%

80.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Dotproject	Dotproject	<= 2.0.3

References

http://dotproject.cvs.sourceforge.net/dotproject/dotproject/classes/ui.class.php?r1=1.113&r2=1.114Patch, Vendor Advisory
http://jvn.jp/jp/JVN%2339188922/index.htmlThird Party Advisory
http://secunia.com/advisories/20822Broken Link, Not Applicable
http://sourceforge.net/project/shownotes.php?release_id=427236Patch, Third Party Advisory
http://www.securityfocus.com/bid/18650Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2006/2509Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/27585Broken Link, Third Party Advisory, VDB Entry
http://dotproject.cvs.sourceforge.net/dotproject/dotproject/classes/ui.class.php?r1=1.113&r2=1.114Patch, Vendor Advisory
http://jvn.jp/jp/JVN%2339188922/index.htmlThird Party Advisory
http://secunia.com/advisories/20822Broken Link, Not Applicable
http://sourceforge.net/project/shownotes.php?release_id=427236Patch, Third Party Advisory
http://www.securityfocus.com/bid/18650Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2006/2509Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/27585Broken Link, Third Party Advisory, VDB Entry

Timeline

Published: Jun 27, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3240?

Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

How severe is CVE-2006-3240?

Severity scoring for CVE-2006-3240 is pending analysis. The EPSS model estimates a 2.25% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3240?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3240?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST