CVE-2011-1062

EPSS 1.8%

Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.

Affected products

n/a · n/a

public PoCs found — 5

cve_referencewww.exploit-db.com/exploits/16158unverified exploitdbwww.exploit-db.com/exploits/35336unverified exploitdbwww.exploit-db.com/exploits/35337unverified exploitdbwww.exploit-db.com/exploits/35338unverified exploitdbwww.exploit-db.com/exploits/16158unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/70877 http://osvdb.org/70878 http://secunia.com/advisories/43318 https://exchange.xforce.ibmcloud.com/vulnerabilities/65359 http://www.exploit-db.com/exploits/16158 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4990.php