AckerTodo 4.0 - index.php Cross-Site Scripting

2006-09-07T00:00:00
ID EXPLOITPACK:FE242745E6EDD0D798C30F4A593AA527
Type exploitpack
Reporter viz.security
Modified 2006-09-07T00:00:00

Description

AckerTodo 4.0 - index.php Cross-Site Scripting

                                        
                                            source: https://www.securityfocus.com/bid/19894/info

AckerTodo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue would allow an attacker to steal cookie-based credentials and to launch other attacks.

Version 4.0 is vulnerable; other versions may also be affected.

index.php?cmd=edit_task&task_id="><script>document.write(document.cookie);</script>