CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 51.1%
The Time Spent module tracks the time a registered user spends on a site and a site’s content.
The module doesn’t sufficiently sanitize user input. Cross-site scripting, cross-site request forgery, and SQL injection vulnerabilities have all been found. Note that none of these vulnerabilities has been addressed by the author; the Drupal Security Team recommends that this module be uninstalled immediately.
Drupal core is not affected. If you do not use the contributed Time Spent module, there is nothing you need to do.
Uninstall the module:
Also see the Time Spent project page.