Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

14 matches found

EUVD
EUVDadded 2026/03/16 3:30 p.m.13 views

EUVD-2016-10819

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...

7.2CVSS6AI score0.00259EPSS
Exploits1References7
CNNVD
CNNVDadded 2026/03/16 12:0 a.m.5 views

ZKTeco ZKAccess Security System 跨站脚本漏洞

ZKTeco ZKAccess Security System is an access control and security management system developed by ZKTeco Technology. Version 5.3.1 of ZKTeco ZKAccess Security System contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of the holidayname and memo POST...

7.2CVSS5.9AI score0.00259EPSS
Exploits1References6
Cvelist
Cvelistadded 2026/03/15 1:35 p.m.36 views

CVE-2016-20032 ZKTeco ZKAccess Security System 5.3.1 Stored XSS

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...

7.2CVSS0.00259EPSS
Exploits1References6
CVE
CVEadded 2026/03/15 1:35 p.m.18 views

CVE-2016-20032

The CVE-2016-20032 issue affects ZKTeco ZKAccess Security System version 5.3.1. A stored cross-site scripting vulnerability exists in which input supplied to the holiday_name and memo POST parameters is not properly sanitized, allowing an attacker to inject HTML/script that can be executed in a u...

7.2CVSS6AI score0.00259EPSS
Exploits1References6
ATTACKERKB
ATTACKERKBadded 2026/03/15 1:35 p.m.4 views

CVE-2016-20032

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...

7.2CVSS6AI score0.00259EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/15 1:35 p.m.2 views

CVE-2016-20032 ZKTeco ZKAccess Security System 5.3.1 Stored XSS

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...

7.2CVSS6AI score0.00259EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/03/15 12:0 a.m.13 views

PT-2026-25730

Name of the Vulnerable Software and Affected Versions ZKTeco ZKAccess Security System version 5.3.1 Description The ZKAccess Security System is susceptible to a stored cross-site scripting issue. This allows attackers to inject malicious payloads through the holiday name and memo POST parameters...

7.2CVSS5.5AI score0.00259EPSS
Exploits1References9
CNVD
CNVDadded 2018/01/02 12:0 a.m.1 views

Biometric Shift Employee Management System Cross-Site Scripting Vulnerability

Biometric Shift Employee Management System is an employee management system. A cross-site scripting vulnerability exists in Biometric Shift Employee Management System. The vulnerability can be exploited via the index.php holidayname parameter in the editholiday operation...

5.4CVSS6.4AI score0.00537EPSS
Exploits1References1
OSV
OSVadded 2017/12/30 4:29 a.m.4 views

CVE-2017-17989

Biometric Shift Employee Management System has XSS via the index.php holidayname parameter in an editholiday action...

5.4CVSS5.8AI score0.00537EPSS
Exploits1References1
Prion
Prionadded 2017/12/30 4:29 a.m.12 views

Design/Logic Flaw

Biometric Shift Employee Management System has XSS via the index.php holidayname parameter in an editholiday action...

3.5CVSS5.2AI score0.00537EPSS
Exploits1References1Affected Software1
CNVD
CNVDadded 2016/09/03 12:0 a.m.3 views

ZKTeco ZKAccess Security System 5.3.1 Persistent Cross-Site Scripting Vulnerability

ZKBioSecurity is a comprehensive management platform for biometric security. ZKTeco ZKAccess Security System 5.3.1 persistent cross-site scripting vulnerability, which occurs due to failure to properly validate the "HOLIDAYNAME" and POST submit "memo" parameters when passing them to the user. The...

6.3AI score
Exploits0References1
NVD
NVDadded 2012/05/27 8:55 p.m.13 views

CVE-2012-2938

Multiple cross-site scripting XSS vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to 1 holidayadd.php or 2 holidayview.php...

4.3CVSS5.8AI score0.01811EPSS
Exploits1References6
Prion
Prionadded 2012/05/27 8:55 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to 1 holidayadd.php or 2 holidayview.php...

4.3CVSS6.1AI score0.01811EPSS
Exploits1References6Affected Software1
Cvelist
Cvelistadded 2012/05/27 8:0 p.m.16 views

CVE-2012-2938

Multiple cross-site scripting XSS vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to 1 holidayadd.php or 2 holidayview.php...

5.8AI score0.01811EPSS
Exploits1References6
Rows per page
Query Builder