11 matches found
Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the...
EUVD-2019-1990
Malware in sbrugna...
CVE-2019-1010287
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...
CVE-2019-1010248
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...
Sql injection
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...
CVE-2019-1010248
CVE-2019-1010248 affects Synetics i-doit 1.12 and earlier. A SQL injection in the Web login form allows an attacker to perform unauthenticated access to the MySQL database. The vulnerability is exploitable by sending a malicious HTTP POST request. The fixed version is 1.12.1. Connected sources co...
CVE-2019-1010248
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...
CVE-2019-1010287
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...
Cross site scripting
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...
CVE-2019-1010287
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...
CVE-2019-1010287
Timesheet Next Gen vulnerable to reflected XSS (CVE-2019-1010287) in login.php (lines 40 and 54) via a redirect parameter. Affected: Timesheet Next Gen versions 1.5.3 and earlier. Impact: attacker can cause arbitrary HTML/JavaScript execution when a user clicks a malicious URL. Affected vector: r...