| Titel | ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting |
|---|
| Beschreibung | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the "Service Center/ Push Center/ Push Configuration" section. This vulnerability occurs when adding a new configuration and inserting the payload: "><img src=x onerror="alert``" in the "Configuration Name" field. By doing so, it is possible to bypass the existing filter and trigger a cross-site scripting attack. This allows an attacker to execute arbitrary scripts in the context of the user's browser, potentially leading to various malicious activities such as stealing session cookies, defacing web pages, or redirecting users to malicious sites. |
|---|
| Quelle | ⚠️ https://www.zkteco.com.br/zkbiocvsecurity/ |
|---|
| Benutzer | Stux (UID 40142) |
|---|
| Einreichung | 17.06.2024 16:03 (vor 2 Jahren) |
|---|
| Moderieren | 26.06.2024 07:45 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 269733 [ZKTeco ZKBio CVSecurity V5000 4.1.0 Push Configuration Section Configuration Name Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|