An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
kronos web time and attendance 5.0.4