CVE-2023-41588

Name of the Vulnerable Software and Affected Versions Time to SLA plugin version 10.13.5

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter. This enables the execution of malicious code on the affected system.

Recommendations For Time to SLA plugin version 10.13.5, consider restricting access to the durationFormat parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.