TaskFreak! logout.php tznMessage Parameter XSS

medium Nessus Plugin ID 47163

Synopsis

A PHP script hosted on the remote web server is affected by a cross- site scripting vulnerability.

Description

The version of TaskFreak! on the remote host is affected by a cross- site scripting vulnerability involving the 'tznMessage' parameter of the 'logout.php' script. A remote attacker may be able to exploit this by tricking a user into making a specially crafted GET request.

There is also reportedly a SQL injection vulnerability in this version of TaskFreak!, though Nessus has not checked for it.

Solution

Upgrade to TaskFreak! 0.6.4 or later.

See Also

http://www.taskfreak.com/original/versions

https://www.securityfocus.com/archive/1/512078/30/0/threaded

Plugin Details

Severity: Medium

ID: 47163

File Name: taskfreak_logout_tznmessage_xss.nasl

Version: 1.10

Type: remote

Published: 6/30/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/PHP, www/taskfreak

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 6/27/2010

Vulnerability Publication Date: 6/29/2010

Reference Information

CVE: CVE-2010-1520

BID: 41221

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

Secunia: 40025