Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-03-20T10:00:00
Updated: 2024-08-07T08:24:41.852Z
Reserved: 2008-03-19T00:00:00
Link: CVE-2008-1414
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-03-20T10:44:00.000
Modified: 2024-11-21T00:44:29.240
Link: CVE-2008-1414
Redhat
No data.