Cross Site Scripting (XSS) vulnerability in Timesheet Next Gen 1.5.3 and earlier allows arbitrary code execution via redirect parameter in login.php.

Cross Site Scripting (XSS) vulnerability in Timesheet Next Gen 1.5.3 and earlier allows arbitrary code execution via redirect parameter in login.php.

CVE-2019-1010287 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.

Learn more about our Web App Pen Testing.