44 matches found
CVE-2008-6666
Multiple cross-site scripting XSS vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to 1 servlet/com.threeis.webta.H710selProject and 2 servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial repo...
CVE-2008-6666
CVE-2008-6666 affects Kronos webTA. The vulnerability is a cross-site scripting (XSS) flaw in the description field of two servlets (servlet/com.threeis.webta.H710selProject and servlet/com.threeis.webta.H720editProjectInfo). Exploitation details are not provided in the documents; no specific exp...
webta-xss.txt
http://www.kronos.com/Products/webTA.htm webTA is used by thousands of fed. employees. I did a limited security review of a couple deployments. Because of certain contractual limitations I have been able to verify XSS in its Project Management module only, but I suspect it also exists in...
webTA by kronos - XSS
http://www.kronos.com/Products/webTA.htm webTA is used by thousands of fed. employees. I did a limited security review of a couple deployments. Because of certain contractual limitations I have been able to verify XSS in its Project Management module only, but I suspect it also exists in...