CVE-2008-2563

Samtodo - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a main.default action, to index.php.

References (5)

[Vendor Advisory] http://secunia.com/advisories/30557

[Various Sources] http://www.davidsopas.com/soapbox/samtodo.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42868

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29568

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29569

Scores

EPSS 0.0033

EPSS Percentile 55.5%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

samtodo/samtodo

Timeline

Published Jun 06, 2008

Tracked Since Feb 18, 2026