CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8496

In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.9%

CVSS Severity

CVSS v3 Score 6.9

CVSS v2 Score 3.5

References

Products affected by CVE-2020-8496

Kronos » Web Time And Attendance » Version: 4.1.17

cpe:2.3:a:kronos:web_time_and_attendance:4.1.17
Kronos » Web Time And Attendance » Version: 4.1.26

cpe:2.3:a:kronos:web_time_and_attendance:4.1.26
Kronos » Web Time And Attendance » Version: 4.1.28

cpe:2.3:a:kronos:web_time_and_attendance:4.1.28
Kronos » Web Time And Attendance » Version: 4.2

cpe:2.3:a:kronos:web_time_and_attendance:4.2
Kronos » Web Time And Attendance » Version: 4.2.13

cpe:2.3:a:kronos:web_time_and_attendance:4.2.13
Kronos » Web Time And Attendance » Version: 4.2.5

cpe:2.3:a:kronos:web_time_and_attendance:4.2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8496

Products

Pricing

Contact Us