Viktor Schlüter

**Name of the Vulnerable Software and Affected Versions** Grouptime Teamwire Desktop Client versions 1.5.1 through 1.9.0 Grouptime Teamwire backend versions prior to prod-2018-11-13-15-00-42 **Description** The issue allows code injection via a template, leading to remote code execution. **Recommendations** For Grouptime Teamwire Desktop Client versions 1.5.1 through 1.9.0, update to version 1.9.0 or later. For Grouptime Teamwire backend versions prior to prod-2018-11-13-15-00-42, update to a version after prod-2018-11-13-15-00-42.

**Name of the Vulnerable Software and Affected Versions** Grouptime Teamwire Client versions 1.5.1 through 1.9.0 Grouptime Teamwire Client backend versions prior to prod-2018-11-13-15-00-42 **Description** The issue affects the admin interface of the Grouptime Teamwire Client, allowing stored XSS attacks. **Recommendations** For Grouptime Teamwire Client versions 1.5.1 through 1.9.0, update to version 1.9.0 or later to resolve the issue. For Grouptime Teamwire Client backend versions prior to prod-2018-11-13-15-00-42, update to a version after prod-2018-11-13-15-00-42 to fix the problem.