CVE-2016-20032 in ZKAccess Security System
Сводка
по MITRE • 16.03.2026
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.