CVE-2019-1010287
https://notcve.org/view.php?id=CVE-2019-1010287
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url. Timesheet Next Gen versión 1.5.3 y versiones anteriores se ven impactados por: Cross Site Scripting (XSS). • https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40 https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2105 – Timesheet Next Gen 1.5.2 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2012-2105
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. Múltiples vulnerabilidades de inyección SQL en login.php en Timesheet Next Gen v1.5.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1)username o (2)password. • https://www.exploit-db.com/exploits/18554 http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html http://secunia.com/advisories/48239 http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122 http://www.exploit-db.com/exploits/18554 http://www.openwall.com/lists/oss-security/2012/04/16/4 http://www.openwall.com/lists/oss-security/2012/04/16/7 http://www.osvdb.org/79804 http://www.securityfocus.com/bid/52270 https://exchange.xforce.ibmcloud.com/vu • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •