Zkteco Zkaccess Security System

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2016-20032 MEDIUM POC This Month

Stored cross-site scripting (XSS) vulnerability in ZKTeco ZKAccess Security System 5.3.1 that allows remote attackers to inject malicious scripts via the 'holiday_name' and 'memo' POST parameters without authentication. Multiple public proof-of-concept exploits are available, making this vulnerability actively exploitable in unpatched systems.

XSS Zkteco Zkaccess Security System

NVD Exploit-DB VulDB

CVSS 4.0

5.1

EPSS

0.0%

CVE-2016-20032

EPSS 0% CVSS 5.1

MEDIUM POC This Month

Stored cross-site scripting (XSS) vulnerability in ZKTeco ZKAccess Security System 5.3.1 that allows remote attackers to inject malicious scripts via the 'holiday_name' and 'memo' POST parameters without authentication. Multiple public proof-of-concept exploits are available, making this vulnerability actively exploitable in unpatched systems.

XSS Zkteco Zkaccess Security System

NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy