| ID | CVSS | Summary | Last (major) update | Published |
| --- | --- | --- | --- | --- |
| CVE-2020-15255 | 6.5 | In Anuko Time Tracker before version 1.19.23.5325, due to improperly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). Th | 16-11-2020 - 01:15 | 16-10-2020 - 17:15 |
| CVE-2020-27423 | 5.0 | Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox | 01-12-2020 - 16:04 | 16-11-2020 - 16:15 |
| CVE-2020-27422 | 7.5 | In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account. | 30-11-2020 - 21:34 | 16-11-2020 - 16:15 |
| CVE-2021-21352 | 5.0 | Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.24.5415, tokens used in the password reset feature in Time Tracker are based on system time and, therefore, are predictable. This | 09-03-2021 - 15:51 | 03-03-2021 - 01:15 |
| CVE-2021-29436 | 5.8 | Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431, a cross-site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricke | 26-04-2021 - 18:27 | 13-04-2021 - 20:15 |