Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormHimanshu MehtaPACKETSTORM:145159
HistoryNov 30, 2017 - 12:00 a.m.

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting

2017-11-3000:00:00
Himanshu Mehta
packetstormsecurity.com
39

0.001 Low

EPSS

Percentile

41.9%

JSON
`*1. Introduction*  
  
Vendor: ZKTeco  
Affected Product: ZKTime Web - 2.0.1.12280  
Fixed in:  
Vendor Website: https://www.zkteco.com/product/ZKTime_Web_2.0_435.html  
Vulnerability Type: Reflected XSS  
Remote Exploitable: Yes  
CVE: CVE-2017-17057  
*2. Overview*  
  
There is a reflected XSS vulnerability in ZKTime Web. The  
vulnerability exists due to insufficient filtration of user-supplied data.  
A remote attacker can execute arbitrary HTML and script code in browser in  
context of the vulnerable application.  
  
*3. Affected Modules*  
  
Go to  
Personnel -> Personnel -> Advanced Query ->  
  
Select Search Field as 'Department' and in 'Range' field mention  
'<script>alert('XSS')</script>  
  
*4. Payload*  
<script>alert('XSS')</script>  
  
  
*5. Credit*  
Himanshu Mehta (@LionHeartRoxx)  
`

Related

cvelist 1
nvd 1
prion 1
cve 1
zdt 1
openvas 1
cvelist
cvelist
CVE-2017-17057
2017-12-04 14:00:00
nvd
nvd
CVE-2017-17057
2017-12-04 14:29:00
prion
prion
Cross site scripting
2017-12-04 14:29:00
cve
cve
CVE-2017-17057
2017-12-04 14:29:00
zdt
zdt
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting Vulnerability
2017-12-01 00:00:00
openvas
openvas
ZKTeco ZKTime Web Multiple Vulnerabilities
2017-12-05 00:00:00

0.001 Low

EPSS

Percentile

41.9%

JSON
Related for PACKETSTORM:145159
cvelist1nvd1prion1cve1zdt1openvas1