CNNVD-202509-1106 Information

CNNVD ID

CNNVD-202509-1106

Related CVE

CVE-2025-10088

• CNNVD Published: 2025-09-08

Description (Chinese)

SourceCodester Time Tracker是SourceCodester开源的一个个人时间追踪工具。 SourceCodester Time Tracker 1.0版本存在代码注入漏洞，该漏洞源于/index.html文件参数处理不当，可能导致跨站脚本攻击。

Description (English)

SourceCodester Time Tracker is an open source personal time tracking tool. SourceCodester Time Tracker Version 1.0 has a code-intruding loophole, which stems from the inappropriate handling of/index.html document parameters and may lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

SourceCodester

Published

2025-09-08

Last Modified

2026-02-24

References

https://vuldb.com/?id.323044 https://vuldb.com/?submit.644841 https://vuldb.com/?ctiid.323044 https://www.sourcecodester.com/ https://github.com/drew-byte/Personal-Time-Tracker-V1-POC https://access.redhat.com/security/cve/cve-2025-10088