6 matches found
CVE-2016-20032 ZKTeco ZKAccess Security System 5.3.1 Stored XSS
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...
CVE-2016-20032
The CVE-2016-20032 issue affects ZKTeco ZKAccess Security System version 5.3.1. A stored cross-site scripting vulnerability exists in which input supplied to the holiday_name and memo POST parameters is not properly sanitized, allowing an attacker to inject HTML/script that can be executed in a u...
PT-2026-25730
Name of the Vulnerable Software and Affected Versions ZKTeco ZKAccess Security System version 5.3.1 Description The ZKAccess Security System is susceptible to a stored cross-site scripting issue. This allows attackers to inject malicious payloads through the holiday name and memo POST parameters...
Biometric Shift Employee Management System Cross-Site Scripting Vulnerability
Biometric Shift Employee Management System is an employee management system. A cross-site scripting vulnerability exists in Biometric Shift Employee Management System. The vulnerability can be exploited via the index.php holidayname parameter in the editholiday operation...
CVE-2017-17989
Biometric Shift Employee Management System has XSS via the index.php holidayname parameter in an editholiday action...
Design/Logic Flaw
Biometric Shift Employee Management System has XSS via the index.php holidayname parameter in an editholiday action...