Vulmon
kronos webta vulnerabilities and exploits
9.3
CVSSv2
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
Kronos Web Time And Attendance 5.0.4
4
CVSSv2
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later prior to 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
Kronos Web Time And Attendance
3.5
CVSSv2
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions prior to 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated adminis...
Kronos Web Time And Attendance
6.5
CVSSv2
CVE-2020-8494
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via ...
Kronos Web Time And Attendance
6
CVSSv2
CVE-2020-8495
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, dele...
Kronos Web Time And Attendance
3.5
CVSSv2
CVE-2020-8496
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions prior to 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.
Kronos Web Time And Attendance 4.1.17
Kronos Web Time And Attendance
4.3
CVSSv2
CVE-2008-6666
Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote malicious users to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610...
Kronos Kronos Webta -