exploit-db-mirror/exploits/php/webapps/28494.txt

source: http://www.securityfocus.com/bid/19894/info

AckerTodo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue would allow an attacker to steal cookie-based credentials and to launch other attacks.

Version 4.0 is vulnerable; other versions may also be affected.

index.php?cmd=edit_task&task_id="><script>document.write(document.cookie);</script>