Detections
Analytics

CVE-2006-3958

medium

Description

Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."

References

https://www.pkrinternet.com/taskjitsu/task/3477

https://exchange.xforce.ibmcloud.com/vulnerabilities/28178

http://www.vupen.com/english/advisories/2006/3058

http://www.securityfocus.com/bid/19251

http://www.pkrinternet.com/download/RELEASE-NOTES.txt

http://www.osvdb.org/27637

http://secunia.com/advisories/21242

Details

Source: Mitre, NVD

Published: 2006-08-01

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0055