CVE-2008-4742

Name of the Vulnerable Software and Affected Versions TimeTrex version 2.2.11

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the password and user name parameters in the interface/Login.php file.

Recommendations For TimeTrex version 2.2.11, update to a version that fixes these XSS vulnerabilities to prevent remote attackers from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting input for the password and user name parameters to minimize the risk of exploitation.