Vulnerability Description
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Riceball | Multiple Time Sheets | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/29416Vendor Advisory
- http://securityreason.com/securityalert/3756
- http://www.securityfocus.com/archive/1/489689/100/0/threaded
- http://www.securityfocus.com/bid/28263Exploit
- http://www.vupen.com/english/advisories/2008/0911/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41227
- https://www.exploit-db.com/exploits/5262
- http://secunia.com/advisories/29416Vendor Advisory
- http://securityreason.com/securityalert/3756
- http://www.securityfocus.com/archive/1/489689/100/0/threaded
- http://www.securityfocus.com/bid/28263Exploit
- http://www.vupen.com/english/advisories/2008/0911/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41227
- https://www.exploit-db.com/exploits/5262
FAQ
What is CVE-2008-1414?
CVE-2008-1414 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonst...
How severe is CVE-2008-1414?
CVE-2008-1414 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1414?
Check the references section above for vendor advisories and patch information. Affected products include: Riceball Multiple Time Sheets.