Lucene search
K

44 matches found

Cvelist
Cvelist
added 2009/04/08 10:0 a.m.18 views

CVE-2008-6666

Multiple cross-site scripting XSS vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to 1 servlet/com.threeis.webta.H710selProject and 2 servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial repo...

5.8AI score0.01223EPSS
Exploits0References6
CVE
CVE
added 2009/04/08 10:0 a.m.39 views

CVE-2008-6666

CVE-2008-6666 affects Kronos webTA. The vulnerability is a cross-site scripting (XSS) flaw in the description field of two servlets (servlet/com.threeis.webta.H710selProject and servlet/com.threeis.webta.H720editProjectInfo). Exploitation details are not provided in the documents; no specific exp...

4.3CVSS5.9AI score0.01223EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2008/06/09 12:0 a.m.33 views

webta-xss.txt

http://www.kronos.com/Products/webTA.htm webTA is used by thousands of fed. employees. I did a limited security review of a couple deployments. Because of certain contractual limitations I have been able to verify XSS in its Project Management module only, but I suspect it also exists in...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/06/09 12:0 a.m.62 views

webTA by kronos - XSS

http://www.kronos.com/Products/webTA.htm webTA is used by thousands of fed. employees. I did a limited security review of a couple deployments. Because of certain contractual limitations I have been able to verify XSS in its Project Management module only, but I suspect it also exists in...

6.3AI score
Exploits0
Rows per page
Query Builder