Unrated severityNVD Advisory· Published Jan 2, 2014· Updated Jun 17, 2026
CVE-2013-7250
CVE-2013-7250
Description
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:projectforge:projectforge:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:projectforge:projectforge:*:*:*:*:*:*:*:*range: <=5.2
- cpe:2.3:a:projectforge:projectforge:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:projectforge:projectforge:5.1:*:*:*:*:*:*:*
- (no CPE)range: <5.3
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.