CVE-2008-1414

2008-03-2010:00:00

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.8%

JSON

Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.

References

secunia.com/advisories/29416

securityreason.com/securityalert/3756

www.securityfocus.com/archive/1/489689/100/0/threaded

www.securityfocus.com/bid/28263

www.vupen.com/english/advisories/2008/0911/references

exchange.xforce.ibmcloud.com/vulnerabilities/41227

www.exploit-db.com/exploits/5262