Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZKTeco ZKAccess Security System 5.3.1 Stored XSS
Vulnerability Description
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
ZKTeco ZKAccess Security System 跨站脚本漏洞
Vulnerability Description
ZKTeco ZKAccess Security System是中国熵基科技(ZKTeco)公司的一款门禁与安防管理系统。 ZKTeco ZKAccess Security System 5.3.1版本存在跨站脚本漏洞,该漏洞源于holiday_name和memo POST参数清理不当,可能导致攻击者注入恶意有效载荷执行任意HTML和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A