CVE-2006-3958

Taskjitsu 2.0.3 is affected by multiple cross-site scripting (XSS) vulnerabilities disclosed in CVE-2006-3958. The issues enable injection of arbitrary script/HTML via (1) Search Tasks, (2) Edit Task (authenticated users), (3) back-end Category Editor, and (4) pages displaying task status, emails...

CVE-2006-3397

Taskjitsu (CVE-2006-3397) has a cross-site scripting vulnerability affecting versions before 2.0.1. The flaw allows remote attackers to inject arbitrary web script or HTML through multiple parameters when creating a task, notably the title and description fields. The PT-2006-4289 entry confirms t...

CVE-2006-3398

The CVE-2006-3398 entry involves Taskjitsu prior to 2.0.1, where password hashes are embedded in hidden fields of the change password forms. This allows remote attackers to obtain sensitive information from the Category Editor and the User Information editor. The issue is tied to versions before ...

CVE-2006-5184

The CVE affects PKR Internet Taskjitsu prior to version 2.0.6. A SQL injection exists via the key parameter when limit is set to customerid, allowing remote execution of arbitrary SQL commands. Public sources in the connected documents confirm the specific vector and impact as described by NVD/CV...