Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZKTeco ZKBioSecurity 3.0 Multiple Reflected XSS Vulnerabilities
Vulnerability Description
ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in vulnerable parameters to execute scripts in a user's browser session within the context of the affected application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
ZKTeco ZKBioSecurity 跨站脚本漏洞
Vulnerability Description
ZKTeco ZKBioSecurity是中国ZKTeco公司的一个基于 Web 的一体式平台。 ZKTeco ZKBioSecurity 3.0版本存在跨站脚本漏洞,该漏洞源于多个参数清理不当,可能导致攻击者注入恶意有效载荷执行任意HTML和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A