Lucene search

Time Tracker Security Vulnerabilities - 2023

cve

CVE-2023-32066

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be...

5.4CVSS

5.1AI Score

0.001EPSS

2023-05-09 04:15 PM

cve

CVE-2023-32306

Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not che...

9.8CVSS

9.3AI Score

0.002EPSS

2023-05-12 07:15 PM

cve

CVE-2023-32308

anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for errors ...

9.8CVSS

9.7AI Score

0.002EPSS

2023-05-15 09:15 PM