Vulmon
kronos vulnerabilities and exploits
NA
CVE-2008-6666
Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote malicious users to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610...
Kronos Kronos Webta -
4.8
CVSSv3
CVE-2020-8496
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions prior to 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.
Kronos Web Time And Attendance 4.1.17
Kronos Web Time And Attendance
7.5
CVSSv3
CVE-2020-8495
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, dele...
Kronos Web Time And Attendance
8.8
CVSSv3
CVE-2020-8494
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via ...
Kronos Web Time And Attendance
4.8
CVSSv3
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions prior to 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated adminis...
Kronos Web Time And Attendance
6.5
CVSSv3
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later prior to 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
Kronos Web Time And Attendance
9.8
CVSSv3
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
Kronos Web Time And Attendance 5.0.4
NA
CVE-2018-9472
Kronos crims go retro, Apple builds cop portal, Swiss cheesed over Russian hack bid, etc
1 Article
NA
CVE-2018-9411
Kronos crims go retro, Apple builds cop portal, Swiss cheesed over Russian hack bid, etc
1 Github repository
1 Article
7.8
CVSSv3
CVE-2018-9427
In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:...
Google Android 8.0
Google Android 8.1
1 Article