This issue was report by an anonymous developer.
There is a XSS vulnerability in the time accounting addon.
The issue is fixed in the current release 6.0.19 .
The package can be updated via the package manager or using our download server. https://download.znuny.org/releases/packages/
Please update as soon as possible.