WorkforceROI XPede Arbitrary Time Sheet Disclosure Vulnerabiltiy

XPede is web-based project accounting software. It is available for Microsoft Windows operating systems.

An issue has been reported in Xpede, which could allow a remote user to access the time sheets of other users. The vulnerability is in the 'ets_app_process.asp' script and is due to a lack of adequate authorization checks.

This issue was reported for XPede 4.1. Other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus