CVE-2019-1010287
Published 2019-07-17
Priority: P3 · 41 · medium · 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 4.30% (89.9th percentile)
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| timesheet_next_gen | timesheet_next_gen | — | — |
| timesheet_next_gen_project | timesheet_next_gen | <= 1.5.3 | — |
CVSS provenance
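| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |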
No detection rules found.
Nuclei
Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2019-1010287 [MEDIUM] Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
Timesheet Next Gen javascript:alert(document.domain)'
- type: status
status:
- 200
# digest: 490a004630440220530aad5873f57fe63a467e0b19c6836e0c52e3098093b1109fda29b14a9620fb02202006862c90e732404e3517c602f9ffdbeffe840bffddd0dbe6868bda6c1ef9f7:922c64590222798bb761d5b6d8e72950
Published: 2019-07-17