Lucene search

MitreCVE-2011-1062

HistoryFeb 23, 2011 - 1:00 a.m.

CVE-2011-1062

2011-02-2301:00:01

CWE-79

mitre

web.nvd.nist.gov

cve-2011-1062

cross-site scripting

xss

taskfreak! 0.6.4

security vulnerabilities

injection

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.008

Percentile

81.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

taskfreaktaskfreak\!Match0.6.4

VendorProductVersionCPE
taskfreaktaskfreak\!0.6.4cpe:2.3:a:taskfreak:taskfreak\!:0.6.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
taskfreak	taskfreak\!	0.6.4	cpe:2.3:a:taskfreak:taskfreak\!:0.6.4:::::::*

References

osvdb.org/70877

osvdb.org/70878

secunia.com/advisories/43318

www.exploit-db.com/exploits/16158

www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4990.php

exchange.xforce.ibmcloud.com/vulnerabilities/65359

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.008

Percentile

81.3%

JSON

Related for CVE-2011-1062