Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.9
HurryTimer: Hackers can inject malicious code into your website
CVE-2026-24392
Summary
The HurryTimer software does not properly check user input, which allows hackers to inject malicious code into your website. This can lead to unauthorized actions being taken on your site. You should update HurryTimer to the latest version (2.14.2 or later) to fix this issue.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a t...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a through <= 2.14.2.
nvd CVSS3.1
5.9
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026