Vulnerability DatabaseWS-2023-0144
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0144
May 11, 2023
Stored XSS was found in Week View Plugin in anuko/timetracker before 1.22.12.5783. An attacker can take advantage of insufficient control of the user input on the POST parameter note to inject arbitrary javascript code that will be permanently stored. In this way, the input entered by the attacker will be triggered whenever the file timetracker/week.php is fetched for a previously specified date.
Related Resources (1)
https://github.com/anuko/timetracker/commit/093cfe158099704ffd4a1624be217f9935e914eb
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
LOW
Subsequent System Integrity
LOW
Subsequent System Availability
LOW
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW