Back to search
CVE-2017-16819
Published: Nov 17, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
43158
exploit
x_refsource_EXPLOIT-DB
https://www.keiththome.com/rtc-1000-vuln/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now