Zkteco Zkaccess Security System

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2016-20032 HIGH POC This Week

Stored cross-site scripting (XSS) vulnerability in ZKTeco ZKAccess Security System 5.3.1 that allows remote attackers to inject malicious scripts via the 'holiday_name' and 'memo' POST parameters without authentication. Multiple public proof-of-concept exploits are available, making this vulnerability actively exploitable in unpatched systems.

XSS Zkteco Zkaccess Security System

NVD Exploit-DB VulDB

CVSS 3.1

7.2

EPSS

0.0%

CVE-2016-20032

EPSS 0% CVSS 7.2

HIGH POC This Week

Stored cross-site scripting (XSS) vulnerability in ZKTeco ZKAccess Security System 5.3.1 that allows remote attackers to inject malicious scripts via the 'holiday_name' and 'memo' POST parameters without authentication. Multiple public proof-of-concept exploits are available, making this vulnerability actively exploitable in unpatched systems.

XSS Zkteco Zkaccess Security System

NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy