Submit #358596: ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting info

Title: ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting
Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the "Service Center/ Push Center/ Push Configuration" section. This vulnerability occurs when adding a new configuration and inserting the payload: "><img src=x onerror="alert``" in the "Configuration Name" field. By doing so, it is possible to bypass the existing filter and trigger a cross-site scripting attack. This allows an attacker to execute arbitrary scripts in the context of the user's browser, potentially leading to various malicious activities such as stealing session cookies, defacing web pages, or redirecting users to malicious sites.
Source: ⚠️ https://www.zkteco.com.br/zkbiocvsecurity/
User: Stux (UID 40142)
Submit: 2024-06-17 16:03 (2 years ago)
Moderation: 2024-06-26 07:45 (9 days later)
Status: Accepted
VulDB entry: 269733 [ZKTeco ZKBio CVSecurity V5000 4.1.0 Push Configuration Section Configuration Name cross-site scripting]
Points: 20
