VYPR
Unrated severityNVD Advisory· Published Mar 29, 2006· Updated Jun 16, 2026

CVE-2006-1479

CVE-2006-1479

Description

Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Serge Rey/Gtd PHP2 versions
    cpe:2.3:a:serge_rey:gtd-php:0.5:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:serge_rey:gtd-php:0.5:*:*:*:*:*:*:*
    • (no CPE)range: =0.5

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.