T
racks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available.
References
Configurations
No configuration.
History
21 Nov 2024, 09:33
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/TracksApp/tracks/commit/b0d288d2efd0f8020d04ca95b8e0738a9eab6c51 - | |
| References | () https://github.com/TracksApp/tracks/commit/c23ca0574ec1149993476632ffd66643aec6aac2 - | |
| References | () https://github.com/TracksApp/tracks/releases/tag/v2.7.1 - | |
| References | () https://github.com/TracksApp/tracks/security/advisories/GHSA-fp4p-59hr-3695 - |
29 Jul 2024, 14:12
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-07-26 15:15
Updated : 2024-11-21 09:33
NVD link : CVE-2024-41805
Mitre link : CVE-2024-41805
CVE.ORG link : CVE-2024-41805
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')