
CVSS: 6.1 • EPSS: 20% • CPEs: 1 • EXPL: 1

17 Jul 2019 — Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious URL. • https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 4

19 Sep 2012 — Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. • https://www.exploit-db.com/exploits/18554 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')