ZKTeco: Security Vulnerabilities
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browser in the context of the vulnerable application.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-12-04
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
CVSS Score: 8.0 | EPSS Score: 0.002 | Published: 2017-09-26
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
CVSS Score: 7.5 | EPSS Score: 0.101 | Published: 2017-09-21

