An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens, there are entry points to inject JavaScript code.
References
Link | Resource |
---|---|
https://fsmlabs.com/fsmlabs-cybersecurity/ | Product |
https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-31466.md | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-26T00:00:00
Updated: 2023-07-26T00:00:00
Reserved: 2023-04-28T00:00:00
Link: CVE-2023-31466
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-26T20:15:12.557
Modified: 2023-08-03T15:12:02.457
Link: CVE-2023-31466
JSON object: View
Redhat Information
No data.
CWE