Nolan B. Kennedy

**Name of the Vulnerable Software and Affected Versions** Kronos Web Time and Attendance (webTA) versions 3.8.x through 3.x before 4.0 **Description** A stored XSS issue affects the software via multiple input fields, including `Login Message`, `Banner Message`, and `Password Instructions`, of the `com.threeis.webta.H261configMenu` servlet. This can be exploited by an authenticated administrator. **Recommendations** For versions 3.8.x through 3.x before 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `com.threeis.webta.H261configMenu` servlet for authenticated administrators until a patch is available. Avoid using the vulnerable input fields (`Login Message`, `Banner Message`, and `Password Instructions`) in the affected servlet until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Kronos Web Time and Attendance (webTA) versions 4.1.x through 4.x before 5.0 **Description** The issue concerns a Stored XSS vulnerability. It can be triggered by setting the Application Banner input field of the "/ApplicationBanner" page as an authenticated administrator. **Recommendations** For versions 4.1.x through 4.x before 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/ApplicationBanner" page for authenticated administrators until a patch is available. Avoid using the Application Banner input field in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics NAV versions prior to 2017 **Description** The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability in the Web Time and Expense (WebTE) interface. This vulnerability can be exploited by a remote attacker to gain unauthorized access to arbitrary reports by specifying arbitrary values for the `recId` and `filename` parameters. The attacker can download arbitrary files using the `/Home/GetAttachment` function. **Recommendations** For Microsoft Dynamics NAV versions prior to 2017, update to a version 2017 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/Home/GetAttachment` function to minimize the risk of exploitation. Avoid using arbitrary values for the `recId` and `filename` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Verodin Director versions 3.5.3.0 and earlier **Description** The issue concerns Stored XSS that can be triggered via input fields of certain tooltips, and on specific pages such as Tags, Sequences, and Actors. **Recommendations** For versions 3.5.3.0 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.