Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php
Vulnerability Description
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
iWT FaceSentry Access Control System 跨站脚本漏洞
Vulnerability Description
iWT FaceSentry Access Control System是中国iWT公司的一个人脸识别门禁控制设备 iWT FaceSentry Access Control System 6.4.8版本存在跨站脚本漏洞,该漏洞源于对pluginInstall.php文件中msg参数未验证输入,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A