1 results (0.001 seconds)
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 1
CVE-2024-1706 – ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting
https://notcve.org/view.php?id=CVE-2024-1706
A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input <marquee>hi leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt https://vuldb.com/?ctiid.254396 https://vuldb.com/?id.254396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •