Description

Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available.

INFO

Published Date :

2024-07-26T14:51:02.015Z

Last Modified :

2024-08-02T04:46:52.945Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-41805 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-41805.

URL Resource
https://github.com/TracksApp/tracks/commit/b0d288d2efd0f8020d04ca95b8e0738a9eab6c51 cve-icon cve-icon cve-icon
https://github.com/TracksApp/tracks/commit/c23ca0574ec1149993476632ffd66643aec6aac2 cve-icon cve-icon cve-icon
https://github.com/TracksApp/tracks/releases/tag/v2.7.1 cve-icon cve-icon cve-icon
https://github.com/TracksApp/tracks/security/advisories/GHSA-fp4p-59hr-3695 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact