CVE-2016-20032 in ZKAccess Security System정보

요약

\~에 의해 MITRE • 2026. 03. 16.

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

VulnCheck

예약하다

2026. 03. 15.

공개

2026. 03. 16.

모더레이션

수락

항목

VDB-351131

CPE

준비됨

CWE

CWE-79 (확인됨)

CVSS

7.2 (CNA)

EPSS

0.00016

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20032
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20032
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20032/

◂ 이전 개요 다음 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!