Vulnerability Details CVE-2017-17057

There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtering of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browser in the context of the vulnerable application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2017-17057
  • Zkteco » Zktime Web » Version: 2.0.1.12280
    cpe:2.3:a:zkteco:zktime_web:2.0.1.12280