Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial report was incorrect, but the reason for this conclusion is unknown.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kronos | Kronos Webta | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/46207
- http://osvdb.org/46208
- http://secunia.com/advisories/30588Vendor Advisory
- http://www.securityfocus.com/archive/1/493193/100/0/threaded
- http://www.securityfocus.com/bid/29610
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43056
- http://osvdb.org/46207
- http://osvdb.org/46208
- http://secunia.com/advisories/30588Vendor Advisory
- http://www.securityfocus.com/archive/1/493193/100/0/threaded
- http://www.securityfocus.com/bid/29610
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43056
FAQ
What is CVE-2008-6666?
CVE-2008-6666 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProj...
How severe is CVE-2008-6666?
CVE-2008-6666 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6666?
Check the references section above for vendor advisories and patch information. Affected products include: Kronos Kronos Webta.