AckerTodo 4.0 - 'index.php' Cross-Site Scripting

EDB-ID:

28494




Platform:

PHP

Date:

2006-09-07


source: https://www.securityfocus.com/bid/19894/info

AckerTodo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue would allow an attacker to steal cookie-based credentials and to launch other attacks.

Version 4.0 is vulnerable; other versions may also be affected.

index.php?cmd=edit_task&task_id="><script>document.write(document.cookie);</script>