Lucene search

[email protected]CVE-2006-3958

HistoryAug 01, 2006 - 9:04 p.m.

CVE-2006-3958

2006-08-0121:04:00

[email protected]

web.nvd.nist.gov

cve

2006-3958

xss

vulnerabilities

taskjitsu

web script

html

remote attackers

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

JSON

Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) “Pages that display task status, email addresses, URL, customer, and project information.”

Affected configurations

NVD

Node

pkr_internettaskjitsuMatch2.0.3

CPENameOperatorVersion
pkr_internet:taskjitsupkr internet taskjitsueq2.0.3

CPE	Name	Operator	Version
pkr_internet:taskjitsu	pkr internet taskjitsu	eq	2.0.3

References

secunia.com/advisories/21242

www.osvdb.org/27637

www.pkrinternet.com/download/RELEASE-NOTES.txt

www.securityfocus.com/bid/19251

www.vupen.com/english/advisories/2006/3058

exchange.xforce.ibmcloud.com/vulnerabilities/28178

www.pkrinternet.com/taskjitsu/task/3477

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for CVE-2006-3958

cvelist1 nvd1