CVE-2024-41805

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41805

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41805.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41805

Aliases

GHSA-fp4p-59hr-3695

Published

2024-07-26T15:15:11Z

Modified

2024-07-29T16:03:50.644834Z

Summary

[none]

Details

Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available.

References

Affected packages

Git / github.com/tracksapp/tracks

Affected ranges

Type: GIT
Repo: https://github.com/tracksapp/tracks
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b0d288d2efd0f8020d04ca95b8e0738a9eab6c51

Fixed

c23ca0574ec1149993476632ffd66643aec6aac2

Affected versions

Other

before-cucumber-removal

v1.*

v1.5

v1.7

v1.7RC

v1.7RC2

v2.*

v2.3.0

v2.3.rc1

v2.4.0

v2.4.1

v2.4.2

v2.5.0

v2.5.1

v2.5.2

v2.6.0

v2.6.1

v2.7.0