4 matches found
CVE-2017-17057
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...
CVE-2017-17057
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browse...
CVE-2017-17057
CVE-2017-17057 : A reflected Cross-Site Scripting (XSS) in ZKTeco ZKTime Web 2.0.1.12280, specifically in the Department module’s Range field of Personnel Advanced Query. The issue arises from insufficient filtration of user-supplied data, allowing remote attackers to inject arbitrary HTML/JavaSc...
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting
Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Yes CVE: CVE-2017-17057 2. Overview There is a reflected XSS vulnerability in ZKTime Web. The...