Vulnerability Description
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kronos | Web Time And Attendance | >= 3.8, < 4.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-EscalatioExploitThird Party Advisory
- http://www.nolanbkennedy.com/post/stored-xss-in-kronos-web-time-and-attendance-wExploitThird Party Advisory
- https://www.kronos.com/products/kronos-webtaProductVendor Advisory
- http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-EscalatioExploitThird Party Advisory
- http://www.nolanbkennedy.com/post/stored-xss-in-kronos-web-time-and-attendance-wExploitThird Party Advisory
- https://www.kronos.com/products/kronos-webtaProductVendor Advisory
FAQ
What is CVE-2020-8493?
CVE-2020-8493 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions...
How severe is CVE-2020-8493?
CVE-2020-8493 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8493?
Check the references section above for vendor advisories and patch information. Affected products include: Kronos Web Time And Attendance.