CVE-2008-1414 Information

Description

Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php (3) invoices.php (4) smartlinks.php and (5) todo.php as demonstrated using a META tag.

Reference

http://secunia.com/advisories/29416 http://securityreason.com/securityalert/3756 http://www.securityfocus.com/archive/1/489689/100/0/threaded http://www.securityfocus.com/bid/28263 http://www.vupen.com/english/advisories/2008/0911/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41227 https://www.exploit-db.com/exploits/5262