CVE-2020-8493 MEDIUM

CVE-2020-8493

Vendor N/A
Product n/a
Published January 30, 2020
Last update August 4, 2024

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.0/AC:L/AV:N/A:N/C:L/I:H/PR:H/S:C/UI:R

What the vulnerability does

01Description

A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator.

Key dates

02Disclosure timeline

January 30, 2020 CVE published
August 4, 2024 Record updated