webTA is used by thousands of federal employees.
I did a limited security review of a couple of deployments. Because of certain
contractual limitations I have been able to verify XSS in its Project
Management module only, but I suspect it also exists in Vacation/Sick Leave
URLs: /servlet/com.threeis.webta.H710selProject and
Use these URLs to create project descriptions. No hex or HTML encoding or
anything fancy is necessary. Just type your favorite XSS stuff in the
description field - it will work.
I tested basic font changing HTML tags (test for