Michael Dean: >> Double Choco Latte >> 2002-02-15 Security Vulnerabilities
Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features.
CVSS Score
5.0
EPSS Score
0.006
Published
2002-10-04
Double Choco Latte (DCL) before 20020706 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload File Attachment or (2) Work Orders: Import features.
CVSS Score
5.0
EPSS Score
0.005
Published
2002-10-04
Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature.
CVSS Score
5.0
EPSS Score
0.024
Published
2002-10-04