A cross-site scripting vulnerability exists in ZKTeco ZKBio Time version 8.0.7, which originates from the “Content” text field of the “Add New Message” module. Content" text field of the “Add New Message” module lacks effective filtering and escaping of user-supplied data, which can be exploited by attackers to cause cross-site scripting attacks.