Medium severity5.4NVD Advisory· Published Nov 17, 2017· Updated May 13, 2026

CVE-2017-16819

Description

A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Icontime/Rtc 1000 Firmware
cpe:2.3:o:icontime:rtc-1000_firmware:*:*:*:*:*:*:*:*
Range: <=2.5.7458
Icon Time Systems/RTC-1000llm-create
Range: <=2.5.7458

Patches

Vulnerability mechanics

References

www.exploit-db.com/exploits/43158/nvdExploitThird Party AdvisoryVDB Entry
www.keiththome.com/rtc-1000-vuln/nvdExploitMitigationTechnical DescriptionThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000