CVE-2008-1414

medium

Description

Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.

References

https://www.exploit-db.com/exploits/5262

https://exchange.xforce.ibmcloud.com/vulnerabilities/41227

http://www.vupen.com/english/advisories/2008/0911/references

http://www.securityfocus.com/archive/1/489689/100/0/threaded

http://securityreason.com/securityalert/3756

http://secunia.com/advisories/29416

Details

Source: Mitre, NVD

Published: 2008-03-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.04732