Lucene search
K

4 matches found

NVD
NVD
added 2017/12/04 2:29 p.m.35 views

CVE-2017-17057

There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...

6.1CVSS6.2AI score0.01238EPSS
Exploits3References2
Cvelist
Cvelist
added 2017/12/04 2:0 p.m.35 views

CVE-2017-17057

There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...

6.8AI score0.01238EPSS
Exploits3References2
CVE
CVE
added 2017/12/04 2:0 p.m.53 views

CVE-2017-17057

CVE-2017-17057 : A reflected Cross-Site Scripting (XSS) in ZKTeco ZKTime Web 2.0.1.12280, specifically in the Department module’s Range field of Personnel Advanced Query. The issue arises from insufficient filtration of user-supplied data, allowing remote attackers to inject arbitrary HTML/JavaSc...

6.1CVSS6.7AI score0.01238EPSS
Exploits3References2Affected Software1
Packet Storm
Packet Storm
added 2017/11/30 12:0 a.m.56 views

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting

Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Yes CVE: CVE-2017-17057 2. Overview There is a reflected XSS vulnerability in ZKTime Web. The...

0.01238EPSS
Exploits3
Rows per page
Query Builder