Lucene search
K

5 matches found

NVD
NVD
added 2023/05/09 4:15 p.m.28 views

CVE-2023-32066

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

5.4CVSS5.2AI score0.00369EPSS
Exploits0References2
Prion
Prion
added 2023/05/09 4:15 p.m.12 views

Code injection

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

4.9CVSS5.2AI score0.00369EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/05/09 3:28 p.m.44 views

CVE-2023-32066

Time Tracker’s Week View plugin (versions setTitle call in week.php (line ~245) as implemented in 1.22.12.5783. Affected products include Anuko Time Tracker; no exploitation status is provided in the documents. Recommended remediation: upgrade to 1.22.12.5783 or newer to mitigate the vulnerabilit...

5.4CVSS5.2AI score0.00369EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/09 3:28 p.m.46 views

CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

5.4CVSS5.4AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2023/05/09 3:28 p.m.22 views

CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

5.4CVSS5.2AI score0.00369EPSS
Exploits0References4
Rows per page
Query Builder