Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1414

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1414
Last Modified 07 Mar 2011 10:07:04
Published 20 Mar 2008 06:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1414

Summary

Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.

Vulnerable Systems

Application

  • Riceball Multiple Time Sheets


References

XF - mts-index-xss(41227)

VUPEN - ADV-2008-0911

BID - 28263

BUGTRAQ - 20080317 Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities

MILW0RM - 5262

SECUNIA - 29416

SREASON - 3756


Last Updated: 27 May 2016 10:47:08