2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.0%
The Support Timer module adds a javascript-based timer to the Support Ticketing System for tracking how long users are working on support tickets, as well as administrative reports.
The module does not properly sanitize user-supplied content, resulting in multiple Cross-Site Scripting (XSS) vulnerabilities.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “track time spent”.
Drupal core is not affected. If you do not use the contributed Support Timer module, there is nothing you need to do.
Install the latest version:
See also the Support Timer project page.