| عنوان | ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting |
|---|
| الوصف | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the "Service Center/ Push Center/ Push Configuration" section. This vulnerability occurs when adding a new configuration and inserting the payload: "><img src=x onerror="alert``" in the "Configuration Name" field. By doing so, it is possible to bypass the existing filter and trigger a cross-site scripting attack. This allows an attacker to execute arbitrary scripts in the context of the user's browser, potentially leading to various malicious activities such as stealing session cookies, defacing web pages, or redirecting users to malicious sites. |
|---|
| المصدر | ⚠️ https://www.zkteco.com.br/zkbiocvsecurity/ |
|---|
| المستخدم | Stux (UID 40142) |
|---|
| ارسال | 17/06/2024 04:03 PM (2 سنوات منذ) |
|---|
| الاعتدال | 26/06/2024 07:45 AM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 269733 [ZKTeco ZKBio CVSecurity V5000 4.1.0 Push Configuration Section Configuration Name البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|