CVE-2023-31466

Name of the Vulnerable Software and Affected Versions FSMLabs TimeKeeper version 8.0.17

Description A cross-site scripting (XSS) issue was found, allowing for the injection of JavaScript code on specific screens. The affected screens include "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there".

Recommendations For FSMLabs TimeKeeper version 8.0.17, as a temporary workaround, consider restricting access to the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.