CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11049 – ZKTeco ZKBio Time Image File photo direct request
https://notcve.org/view.php?id=CVE-2024-11049
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://gist.githubusercontent.com/whiteman007/f7a85252fed91deff6eb3f20596710b0/raw/b7c8a7f53d3316cfd2da1cae9bcf583d923860b7/biotime%25209.0.1 https://vuldb.com/?ctiid.283662 https://vuldb.com/?id.283662 https://vuldb.com/?submit.435034 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2024-6523 – ZKTeco BioTime system-group-add cross site scripting
https://notcve.org/view.php?id=CVE-2024-6523
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input <script>alert('XSS')</script> leads to cross site scripting. It is possible to launch the attack remotely. • https://gist.github.com/whiteman007/c8bf92b0294cd2f0cda6bfaca36f8f28 https://vuldb.com/?ctiid.270366 https://vuldb.com/?id.270366 https://vuldb.com/?submit.364104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6344 – ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting
https://notcve.org/view.php?id=CVE-2024-6344
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-269733 was assigned to this vulnerability. • https://vuldb.com/?ctiid.269733 https://vuldb.com/?id.269733 https://vuldb.com/?submit.358596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6006 – ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting
https://notcve.org/view.php?id=CVE-2024-6006
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.268694 https://vuldb.com/?id.268694 https://vuldb.com/?submit.351403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6005 – ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting
https://notcve.org/view.php?id=CVE-2024-6005
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.268693 https://vuldb.com/?id.268693 https://vuldb.com/?submit.351241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •