| Título | ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting |
|---|
| Descripción | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the "Service Center/ Push Center/ Push Configuration" section. This vulnerability occurs when adding a new configuration and inserting the payload: "><img src=x onerror="alert``" in the "Configuration Name" field. By doing so, it is possible to bypass the existing filter and trigger a cross-site scripting attack. This allows an attacker to execute arbitrary scripts in the context of the user's browser, potentially leading to various malicious activities such as stealing session cookies, defacing web pages, or redirecting users to malicious sites. |
|---|
| Fuente | ⚠️ https://www.zkteco.com.br/zkbiocvsecurity/ |
|---|
| Usuario | Stux (UID 40142) |
|---|
| Sumisión | 2024-06-17 16:03 (hace 2 años) |
|---|
| Moderación | 2024-06-26 07:45 (9 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 269733 [ZKTeco ZKBio CVSecurity V5000 4.1.0 Push Configuration Section Configuration Name secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|