Lucene search
K

11 matches found

Nuclei
Nuclei
added yesterday24 views

Timesheet Next Gen <=1.5.3 - Cross-Site Scripting

Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the...

6.1CVSS6.5AI score0.043EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-1990

Malware in sbrugna...

9.8CVSS9.5AI score0.01421EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.11 views

CVE-2019-1010287

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...

6.1CVSS6.9AI score0.043EPSS
Exploits1References1
OSV
OSV
added 2019/07/18 6:15 p.m.3 views

CVE-2019-1010248

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...

9.8CVSS5.8AI score0.01421EPSS
Exploits0References1
Prion
Prion
added 2019/07/18 6:15 p.m.22 views

Sql injection

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...

7.5CVSS9.6AI score0.01421EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/07/18 5:59 p.m.71 views

CVE-2019-1010248

CVE-2019-1010248 affects Synetics i-doit 1.12 and earlier. A SQL injection in the Web login form allows an attacker to perform unauthenticated access to the MySQL database. The vulnerability is exploitable by sending a malicious HTTP POST request. The fixed version is 1.12.1. Connected sources co...

9.8CVSS9.6AI score0.01421EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/07/18 5:59 p.m.34 views

CVE-2019-1010248

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...

9.7AI score0.01421EPSS
Exploits0References1
NVD
NVD
added 2019/07/17 9:15 p.m.21 views

CVE-2019-1010287

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...

6.1CVSS6.3AI score0.043EPSS
Exploits1References2
Prion
Prion
added 2019/07/17 9:15 p.m.13 views

Cross site scripting

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...

4.3CVSS6.2AI score0.043EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/07/17 8:2 p.m.20 views

CVE-2019-1010287

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...

6.3AI score0.043EPSS
Exploits1References2
CVE
CVE
added 2019/07/17 8:2 p.m.70 views

CVE-2019-1010287

Timesheet Next Gen vulnerable to reflected XSS (CVE-2019-1010287) in login.php (lines 40 and 54) via a redirect parameter. Affected: Timesheet Next Gen versions 1.5.3 and earlier. Impact: attacker can cause arbitrary HTML/JavaScript execution when a user clicks a malicious URL. Affected vector: r...

6.1CVSS6.3AI score0.043EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder