Vulnerabilities > Icontime > RTC 1000 Firmware > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-17 | CVE-2017-16819 | Cross-site Scripting vulnerability in Icontime Rtc-1000 Firmware A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges. | 3.5 |