CVE-2006-1479 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Serge Rey	Gtd-php

Configuration 1 [-]

cpe:2.3:a:serge_rey:gtd-php:0.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/ref/24/24149-gtd-php.txt
http://secunia.com/advisories/19512
http://www.osvdb.org/24149
http://www.osvdb.org/24150
http://www.osvdb.org/24151
http://www.osvdb.org/24152
http://www.osvdb.org/24153
http://www.osvdb.org/24154
http://www.osvdb.org/24155
http://www.osvdb.org/24156
http://www.osvdb.org/24157
http://www.osvdb.org/24158
http://www.securityfocus.com/bid/17366
http://www.vupen.com/english/advisories/2006/1203
https://exchange.xforce.ibmcloud.com/vulnerabilities/25553

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-29T01:00:00

Updated: 2024-08-07T17:12:22.164Z

Reserved: 2006-03-28T00:00:00

Link: CVE-2006-1479

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-03-29T01:06:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-1479

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-1203", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1203"}, {"name": "17366", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17366"}, {"name": "24156", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24156"}, {"name": "24158", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24158"}, {"tags": ["x_refsource_MISC"], "url": "http://osvdb.org/ref/24/24149-gtd-php.txt"}, {"name": "24151", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24151"}, {"name": "gtdphp-multiple-scripts-xss(25553)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25553"}, {"name": "24154", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24154"}, {"name": "24153", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24153"}, {"name": "24149", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24149"}, {"name": "24150", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24150"}, {"name": "24152", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24152"}, {"name": "19512", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19512"}, {"name": "24155", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24155"}, {"name": "24157", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24157"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1479", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-1203", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1203"}, {"name": "17366", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17366"}, {"name": "24156", "refsource": "OSVDB", "url": "http://www.osvdb.org/24156"}, {"name": "24158", "refsource": "OSVDB", "url": "http://www.osvdb.org/24158"}, {"name": "http://osvdb.org/ref/24/24149-gtd-php.txt", "refsource": "MISC", "url": "http://osvdb.org/ref/24/24149-gtd-php.txt"}, {"name": "24151", "refsource": "OSVDB", "url": "http://www.osvdb.org/24151"}, {"name": "gtdphp-multiple-scripts-xss(25553)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25553"}, {"name": "24154", "refsource": "OSVDB", "url": "http://www.osvdb.org/24154"}, {"name": "24153", "refsource": "OSVDB", "url": "http://www.osvdb.org/24153"}, {"name": "24149", "refsource": "OSVDB", "url": "http://www.osvdb.org/24149"}, {"name": "24150", "refsource": "OSVDB", "url": "http://www.osvdb.org/24150"}, {"name": "24152", "refsource": "OSVDB", "url": "http://www.osvdb.org/24152"}, {"name": "19512", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19512"}, {"name": "24155", "refsource": "OSVDB", "url": "http://www.osvdb.org/24155"}, {"name": "24157", "refsource": "OSVDB", "url": "http://www.osvdb.org/24157"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:22.164Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-1203", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1203"}, {"name": "17366", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17366"}, {"name": "24156", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24156"}, {"name": "24158", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24158"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://osvdb.org/ref/24/24149-gtd-php.txt"}, {"name": "24151", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24151"}, {"name": "gtdphp-multiple-scripts-xss(25553)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25553"}, {"name": "24154", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24154"}, {"name": "24153", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24153"}, {"name": "24149", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24149"}, {"name": "24150", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24150"}, {"name": "24152", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24152"}, {"name": "19512", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19512"}, {"name": "24155", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24155"}, {"name": "24157", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24157"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1479", "datePublished": "2006-03-29T01:00:00", "dateReserved": "2006-03-28T00:00:00", "dateUpdated": "2024-08-07T17:12:22.164Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:serge_rey:gtd-php:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6D08A4E4-8143-4311-9489-FEFB6089FA7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php."}], "id": "CVE-2006-1479", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-29T01:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://osvdb.org/ref/24/24149-gtd-php.txt"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19512"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24149"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24150"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24151"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24152"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24153"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24154"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24155"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24156"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24157"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24158"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17366"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1203"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://osvdb.org/ref/24/24149-gtd-php.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24153"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24157"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/24158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17366"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25553"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}