131 matches found
Zkteco BioTime 安全漏洞
Zkteco BioTime is a powerful web-based time and attendance management software from the Chinese company Zkteco. A security vulnerability exists in Zkteco BioTime, which can be exploited by attackers to obtain sensitive information...
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
CVE-2022-38803
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
CVE-2022-38802
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
CVE-2022-38803
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
CVE-2022-38802
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
Improper access control
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
Improper access control
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
Cross site scripting
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
CVE-2022-38803
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
PT-2022-24576 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: Zkteco BioTime versions prior to 8.5.3 Build:20200816.447 Description: The issue concerns Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can exploit XSS into a pdf generator when exporting data as a PDF to...
CVE-2022-38802
CVE-2022-38802 affects Zkteco BioTime
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
Zkteco BioTime 跨站脚本漏洞
Zkteco BioTime is a powerful web-based time and attendance management software from the Chinese company Zkteco. A security vulnerability exists in Zkteco BioTime versions prior to 8.5.4, which stems from vulnerability to incorrect access control, where an authenticated administrator can read a...
Zkteco BioTime 跨站脚本漏洞
Zkteco BioTime is a powerful web-based time and attendance management software from the Chinese company Zkteco. A security vulnerability exists in Zkteco BioTime versions prior to 8.5.4, which originates from an employee being able to hijack administrator sessions and cookies using blind cross-si...
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
Zkteco BioTime 跨站脚本漏洞
Zkteco BioTime is a powerful web-based time and attendance management software from the Chinese company Zkteco. A security vulnerability exists in Zkteco BioTime versions prior to 8.5.4, which stems from susceptibility to incorrect access control, where an authenticated employee can read a local...
CVE-2022-38803
The CVE-2022-38803 issue affects Zkteco BioTime prior to 8.5.3 Build 20200816.447. Root cause: Incorrect Access Control allowing an authenticated user to cause cross-site scripting in the PDF export generator, enabling reading of local files when exporting data as a PDF. Impact: confidentiality o...
CVE-2022-38802
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...