PRION:CVE-2023-32066: Code injection
PRIOn knowledge base (www.prio-n.com)
May 09, 2023 - 4:15 p.m.
Tags: code injection, time tracker, open source, javascript, version 1.22.11.5782, version 1.22.12.5783, workaround, htmlspecialchars, nvd

AI Score: 5.2 Medium (confidence: High)
EPSS: 0.001 Low (percentile: 40.6%)

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior did not escape note titles in the week view table. Because of that, a logged in user could enter notes containing JavaScript, and that script would then be executed in the user's browser on subsequent requests to the week view. This issue is fixed in version 1.22.12.5783. As a workaround, wrap the value passed to $field->setTitle on line #245 of the week.php file in htmlspecialchars, as is done in version 1.22.12.5783.

Affected CPE

CPE Name       Operator   Version
time_tracker   lt         1.22.12.5783

