Vulnerability Description
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Timesheet Next Gen Project | Timesheet Next Gen | <= 1.5.3 |
Related Weaknesses (CWE)
References
- https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40PatchThird Party Advisory
- https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/ExploitThird Party Advisory
- https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40PatchThird Party Advisory
- https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/ExploitThird Party Advisory
FAQ
What is CVE-2019-1010287?
CVE-2019-1010287 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The compone...
How severe is CVE-2019-1010287?
CVE-2019-1010287 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1010287?
Check the references section above for vendor advisories and patch information. Affected products include: Timesheet Next Gen Project Timesheet Next Gen.