DCP-Portal User Details Cross-Agent Scripting Vulnerability

DCP-Portal is a content manager that enables various web-based updates. An admin can remotely manage the entire site, and members can submit news, content, reviews, and so on.

A user of the DCP-Portal system can opt to publish some profile information. A malicious user could include JavaScript commands in some of this information. When the attacker's profile is viewed by a third party, these script commands will execute within the context of the DCP-Portal page, leading to a cross-agent scripting attack. The job information field suffers from this vulnerability.
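
The rendering flaw described above, next to a hardened form, as an added example that is not DCP-Portal's own code. The function names, the `job` array key and the sample profile row are assumptions constructed for illustration.

```php
<?php
// Added illustration; not DCP-Portal source. All names here are hypothetical.

// Constructed sample profile row, standing in for a stored member record.
$profile = [
    'username' => 'mallory',
    'job'      => '<script>alert(1)</script>Engineer',
];

// Vulnerable pattern: the stored value is concatenated into the page
// unchanged, so the browser parses the member's text as markup.
function render_profile_unsafe(array $p): string
{
    return '<tr><td>Job</td><td>' . $p['job'] . '</td></tr>';
}

// Encode for the HTML text/attribute context at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every member-controlled field passes through h().
function render_profile_safe(array $p): string
{
    return '<tr><td>Job</td><td>' . h($p['job']) . '</td></tr>';
}

// Regression check: after removing the template's own tags, no '<' may
// remain, otherwise member data reached the page as markup.
function contains_unexpected_markup(string $html): bool
{
    $stripped = str_replace(['<tr>', '</tr>', '<td>', '</td>'], '', $html);
    return strpos($stripped, '<') !== false;
}

$unsafe = render_profile_unsafe($profile);
$safe   = render_profile_safe($profile);

var_dump(contains_unexpected_markup($unsafe)); // member markup reached the page
var_dump(contains_unexpected_markup($safe));   // encoded, rendered as text
echo $safe, PHP_EOL;
```

Encoding at output time, rather than filtering at submission, also covers profile values that were stored before the fix was deployed.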


 

Copyright 2010, SecurityFocus