Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 04:50:01 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1975325980&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F1006-advisories%2Fsecuniataskfreak-xss.txt%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1975325980.1338180601.1338180601.1338180601.1%3B%2B__utmz%3D32867617.1338180601.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/91297/secuniataskfreak-xss.txt http://packetstormsecurity.org/files/91297/secuniataskfreak-xss.txt http://packetstormsecurity.org/files/91297/TaskFreak-0.6.3-Cross-Site-Scripting.html Wed, 30 Jun 2010 02:58:55 GMT Secunia Research has discovered a vulnerability in TaskFreak, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "tznMessage" parameter in logout.php is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 0.6.3 is affected.