CVE-2020-8493

Опубликовано: 30 янв. 2020

Источник: nvd

CVSS3: 6.9

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator.

Ссылки

http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html
Exploit
Third Party Advisory
http://www.nolanbkennedy.com/post/stored-xss-in-kronos-web-time-and-attendance-webta
Exploit
Third Party Advisory
https://www.kronos.com/products/kronos-webta
Product
Vendor Advisory
http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html
Exploit
Third Party Advisory
http://www.nolanbkennedy.com/post/stored-xss-in-kronos-web-time-and-attendance-webta
Exploit
Third Party Advisory
https://www.kronos.com/products/kronos-webta
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kronos:web_time_and_attendance:*:*:*:*:*:*:*:*

Версия от 3.8 (включая) до 4.0 (исключая)

EPSS

Процентиль: 79%

0.01249

Низкий

6.9 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-52p7-j296-qwmp

github

больше 3 лет назад

EPSS

Процентиль: 79%

0.01249

Низкий

6.9 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79