CVE-2024-6523 – ZKTeco BioTime system-group-add cross site scripting
https://notcve.org/view.php?id=CVE-2024-6523
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input <script>alert('XSS')</script> leads to cross-site scripting. It is possible to launch the attack remotely. • https://gist.github.com/whiteman007/c8bf92b0294cd2f0cda6bfaca36f8f28 https://vuldb.com/?ctiid.270366 https://vuldb.com/?id.270366 https://vuldb.com/?submit.364104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30515
https://notcve.org/view.php?id=CVE-2022-30515
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. • https://codingkoala.eu/posts/CVE202230515 https://www.zkteco.me/software-5 • CWE-306: Missing Authentication for Critical Function