gtd-php contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Category Name field ('category' variable) upon submission to the newCategory.php script. The script code is rendered when any script that provides a category drop down box is called. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

• Bugtraq ID: 17366
• Secunia Advisory ID: 19512
• CVE ID: 2006-1479 (see also: NVD)
• Related OSVDB ID: 24149 24150 24151 24152 24153 24155 24156 24157 24158
• VUPEN Advisory: ADV-2006-1203
• Vendor URL: http://gtd-php.sourceforge.net/
• Other Advisory URL: http://osvdb.org/ref/24/24149-gtd-php.txt

• security curmudgeon - attrition.org