Submission #358596: ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting (info)

Title: ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting
Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the "Service Center/ Push Center/ Push Configuration" section. This vulnerability occurs when adding a new configuration and inserting the payload: "><img src=x onerror="alert``" in the "Configuration Name" field. By doing so, it is possible to bypass the existing filter and trigger a cross-site scripting attack. This allows an attacker to execute arbitrary scripts in the context of the user's browser, potentially leading to various malicious activities such as stealing session cookies, defacing web pages, or redirecting users to malicious sites.
Source: ⚠️ https://www.zkteco.com.br/zkbiocvsecurity/
User: Stux (UID 40142)
Submitted: 2024. 06. 17. PM 04:03 (2 years ago)
Moderation: 2024. 06. 26. AM 07:45 (9 days later)
Status: Accepted
VulDB entry: 269733 [ZKTeco ZKBio CVSecurity V5000 4.1.0 Push Configuration Section Configuration Name cross-site scripting]
Points: 20
