CVE-2019-1010287 Information
Description
Timesheet Next Gen 1.5.3 and earlier is affected by Cross-Site Scripting (XSS). The impact is: an attacker can execute arbitrary HTML and JavaScript code via the "redirect" parameter. The component is: the web login form, login.php lines 40 and 54. The attack vector is: reflected XSS; the victim may click the malicious URL.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40
https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM