Vulmon
kronos kronos webta - vulnerabilities and exploits
NA
CVE-2008-6666
Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote malicious users to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610...
Kronos Kronos Webta -
7.5
CVSSv3
CVE-2020-8495
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, dele...
Kronos Web Time And Attendance
4.8
CVSSv3
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions prior to 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated adminis...
Kronos Web Time And Attendance
8.8
CVSSv3
CVE-2020-8494
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via ...
Kronos Web Time And Attendance
4.8
CVSSv3
CVE-2020-8496
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions prior to 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.
Kronos Web Time And Attendance 4.1.17
Kronos Web Time And Attendance
6.5
CVSSv3
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later prior to 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
Kronos Web Time And Attendance
9.8
CVSSv3
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
Kronos Web Time And Attendance 5.0.4