CVE-2020-8493

{"id": "CVE-2020-8493", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.7}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-01-30T22:15:10.377", "references": [{"url": "http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.nolanbkennedy.com/post/stored-xss-in-kronos-web-time-and-attendance-webta", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kronos.com/products/kronos-webta", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.nolanbkennedy.com/post/stored-xss-in-kronos-web-time-and-attendance-webta", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kronos.com/products/kronos-webta", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator."}, {"lang": "es", "value": "Una vulnerabilidad tipo XSS almacenado en Kronos Web Time and Attendance (webTA) afecta a las versiones 3.8.x y posteriores, versiones 3.x anteriores a 4.0, por medio de m\u00faltiples campos de entrada (Login Message, Banner Message, y Password Instructions) del servlet com.threeis.webta.H261configMenu por medio de un administrador autenticado."}], "lastModified": "2024-11-21T05:38:56.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kronos:web_time_and_attendance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3400EE4B-5B36-4C46-A208-807129645AD6", "versionEndExcluding": "4.0", "versionStartIncluding": "3.8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}