
RETIRED: Kronos webTA Project Management Module Multiple HTML Injection Vulnerabilities

Kronos webTA is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

NOTE: This BID was previously titled 'Kronos webTA Project Management Module Multiple Cross Site Scripting Vulnerabilities'. Following further analysis, the title and multiple details throughout have been changed to better document the issue.

UPDATE (July 22, 2008): This BID is being retired because the initial report was based on false or misunderstood information. These vulnerabilities do not exist as specified.







 

Copyright 2009, SecurityFocus