CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6344 – ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting
https://notcve.org/view.php?id=CVE-2024-6344
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-269733 was assigned to this vulnerability. • https://vuldb.com/?ctiid.269733 https://vuldb.com/?id.269733 https://vuldb.com/?submit.358596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6006 – ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting
https://notcve.org/view.php?id=CVE-2024-6006
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.268694 https://vuldb.com/?id.268694 https://vuldb.com/?submit.351403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6005 – ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting
https://notcve.org/view.php?id=CVE-2024-6005
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.268693 https://vuldb.com/?id.268693 https://vuldb.com/?submit.351241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-35429
https://notcve.org/view.php?id=CVE-2024-35429
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. ZKTeco ZKBio CVSecurity 6.1.1 es vulnerable a Directory Traversal a través de eventRecord. • https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35429.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-31: Path Traversal: 'dir\..\..\filename' •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-35428
https://notcve.org/view.php?id=CVE-2024-35428
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. ZKTeco ZKBio CVSecurity 6.1.1 es vulnerable a Directory Traversal a través de BaseMediaFile. Un usuario autenticado puede eliminar archivos locales del servidor, lo que puede provocar DoS. • https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35428.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •