Medium severity4.8NVD Advisory· Published Jan 30, 2020· Updated Jun 17, 2026
CVE-2020-8496
CVE-2020-8496
Description
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Kronos/Web Time and Attendancedescription
- Range: 4.1.x and later 4.x versions before 5.0
Patches
Vulnerability mechanics
References
2- www.nolanbkennedy.com/post/stored-xss-2-in-kronos-web-time-and-attendance-webtanvdExploitThird Party Advisory
- www.kronos.com/products/kronos-webtanvdProductVendor Advisory
News mentions
0No linked articles in our index yet.