{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T02:44:54.521","vulnerabilities":[{"cve":{"id":"CVE-2022-24708","sourceIdentifier":"security-advisories@github.com","published":"2022-02-24T16:15:08.300","lastModified":"2024-11-21T06:50:55.313","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with elements of JavaScript. Such script could then be executed in user browser on subsequent requests on pages where primary group name was displayed. This vulnerability has been fixed in version 1.20.0.5646. Users who are unable to upgrade may modify ttUser.class.php to use an additional call to htmlspecialchars when printing group name."},{"lang":"es","value":"Anuko Time Tracker es una aplicación de seguimiento del tiempo basada en la web y de código abierto escrita en PHP. ttUser.class.php en Time Tracker versiones anteriores a 1.20.0.5646, no escapaba el nombre del grupo primario para su visualización. Debido a esto, era posible que un usuario conectado modificara el nombre del grupo primario con elementos de JavaScript. Dicho script podía ser ejecutado en el navegador del usuario en peticiones posteriores en páginas donde fuera mostrado el nombre del grupo primario. Esta vulnerabilidad ha sido corregida en versión 1.20.0.5646. Los usuarios que no puedan actualizar pueden modificar ttUser.class.php para usar una llamada adicional a htmlspecialchars cuando es impreso el nombre del grupo"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*","versionEndExcluding":"1.20.0.5646","matchCriteriaId":"BBE3E8DC-1EF3-451E-B15C-868B6DF653E6"}]}]}],"references":[{"url":"https://github.com/anuko/timetracker/commit/6aaad31630500d13b6c8459daa9f406fd5eb4330","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/anuko/timetracker/security/advisories/GHSA-rgcm-xgvj-5mqh","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/anuko/timetracker/commit/6aaad31630500d13b6c8459daa9f406fd5eb4330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/anuko/timetracker/security/advisories/GHSA-rgcm-xgvj-5mqh","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}