CVE-2016-20032 in ZKAccess Security Systemजानकारी

सारांश

द्वारा MITRE • 16/03/2026

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

स्रोत