Skip to main content

Time Tracker CVE-2015-6751

LOW
Cross-site Scripting (XSS) (CWE-79)
2015-08-31 cve@mitre.org
3.5
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 31, 2015 - 18:59 cve.org
LOW 3.5

DescriptionCVE.org

Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries.

AnalysisAI

Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries. Affected products include: Time Tracker Project Time Tracker. Version information: before 7..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-24707 HIGH POC
8.8 Feb 24

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8)

CVE-2020-15255 HIGH POC
7.3 Oct 16

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could

CVE-2023-32308 CRITICAL
9.8 May 15

anuko timetracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remo

CVE-2023-32306 CRITICAL
9.8 May 12

Time Tracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2020-27422 CRITICAL POC
9.8 Nov 16

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an a

CVE-2021-21352 CRITICAL
9.1 Mar 03

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated critical severity (CVSS

CVE-2021-43851 HIGH
8.8 Dec 22

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8)

CVE-2021-29436 HIGH
8.1 Apr 13

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.1)

CVE-2019-12162 HIGH
7.8 Jul 23

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which c

CVE-2020-27423 HIGH POC
7.5 Nov 16

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial o

CVE-2021-41139 MEDIUM
6.1 Oct 13

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 6.

CVE-2023-32066 MEDIUM
5.4 May 09

Time Tracker is an open source time tracking system. Rated medium severity (CVSS 5.4), this vulnerability is remotely ex

Share

CVE-2015-6751 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy