PT-2023-27985 · Unknown · Time To Sla Plugin
Shuning Xu
·
Published
2023-09-14
·
Updated
2023-09-19
·
CVE-2023-41588
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Time to SLA plugin version 10.13.5
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
durationFormat parameter. This enables the execution of malicious code on the affected system.Recommendations
For Time to SLA plugin version 10.13.5, consider restricting access to the
durationFormat parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Time To Sla Plugin