CVE-2019-25419 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via schedule

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...

ZKTeco ZKBioSecurity Code Injection Vulnerability

ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBioSecurity version 4.1.0, which stems from an incorrect operation of the parameter Schedule Name that can lead to cross-site scripting...