CVE-2025-10088

Published
View on NVD ↗
CVSS v3
3.5
LOW
CVSS v2
4
MEDIUM
Affected
1
PROJECT

Description

A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.

drew-byte/Personal-Time-Tracker-V1-POC
drew-byte/Personal-Time-Tracker-V1-POC
The Personal Time Tracker web application is vulnerable to Reflected Cross-Site Scripting (XSS) in the project name input.
GitHubGitHub