4 matches found
Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the...
CVE-2019-1010287
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...
CVE-2019-1010287
Timesheet Next Gen vulnerable to reflected XSS (CVE-2019-1010287) in login.php (lines 40 and 54) via a redirect parameter. Affected: Timesheet Next Gen versions 1.5.3 and earlier. Impact: attacker can cause arbitrary HTML/JavaScript execution when a user clicks a malicious URL. Affected vector: r...
CVE-2019-1010287
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...