Cross site scripting

2020-01-3022:15:00

PRIOn knowledge base

www.prio-n.com

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.

CPENameOperatorVersion
web_time_and_attendancege4.1.26
web_time_and_attendancelt5.0
web_time_and_attendanceeq4.1.17 r1

Name	Operator	Version
web_time_and_attendance	ge	4.1.26
web_time_and_attendance	lt	5.0
web_time_and_attendance	eq	4.1.17 r1

References

www.nolanbkennedy.com/post/stored-xss-2-in-kronos-web-time-and-attendance-webta

www.kronos.com/products/kronos-webta