Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS in a PDF generator when exporting data as a PDF.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zkteco BioTime Cross-Site Scripting Vulnerability
Vulnerability Description
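Zkteco BioTime is a powerful web-based time and attendance management software from the Chinese company Zkteco. Versions of Zkteco BioTime before 8.5.4 contain a security vulnerability that stems from susceptibility to incorrect access control: when exporting data as a PDF, an authenticated employee can read local files by exploiting an XSS vulnerability in the PDF generator.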
CVSS Information
N/A
Vulnerability Type
N/A