CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25277

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.5%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2019-25277

Iwt » Facesentry Access Control System » Version: N/A

cpe:2.3:h:iwt:facesentry_access_control_system:-
Iwt » Facesentry Access Control System Firmware » Version: 5.7.0

cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0
Iwt » Facesentry Access Control System Firmware » Version: 5.7.2

cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2
Iwt » Facesentry Access Control System Firmware » Version: 6.4.8

cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25277

Products

Pricing

Contact Us