Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting
Vulnerability Description
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input <marquee>hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: "ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
ZKTeco BioAccess IVS 跨站脚本漏洞
Vulnerability Description
ZKTeco BioAccess IVS是中国ZKTeco公司的一款基于Web的精简版安全平台。 ZKTeco BioAccess IVS 3.3.2及之前版本存在跨站脚本漏洞,该漏洞源于组件Department Name Search Bar存在跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A