CVE-2020-15255
Published 2020-10-16
Priority: P3 (42), high, 7.3 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.46% (87.6th percentile)
In Anuko Time Tracker before version 1.19.23.5325, user input was not properly filtered, so a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anuko | time_tracker | < 1.19.23.5325 | 1.19.23.5325 |
| anuko | timetracker | < 1.19.23.5325 | 1.19.23.5325 |
CVSS provenance
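| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |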
No advisories linked to this vulnerability.
No detection rules found.
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html
https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f
https://github.com/anuko/timetracker/security/advisories/GHSA-prjf-9mgh-8fpv
https://www.exploit-db.com/exploits/49027