Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Time Tracker has Stored XSS vulnerability in Week View plugin
Vulnerability Description
Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Anuko Time Tracker 跨站脚本漏洞
Vulnerability Description
Anuko Time Tracker是个人开发者的一个开源的时间统计系统。用于统计员工在各个工作上花费时间的一个平台。 Anuko Time Tracker 1.22.11.5782之前版本存在跨站脚本漏洞。攻击者利用该漏洞可以执行任意脚本。
CVSS Information
N/A
Vulnerability Type
N/A