113 matches found
CVE-2026-30695
A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...
EUVD-2026-12870
A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...
CVE-2026-30695
A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...
CVE-2026-30695
A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...
CVE-2026-30695
The CVE-2026-30695 entry concerns a Cross-Site Scripting (XSS) vulnerability in the web-based configuration interface of Zucchetti Axess access control devices (models XA4, X3/X3BIO, X4, X7, XIO / i-door / i-door+). The issue is caused by improper sanitization of user-supplied input in the dirBro...
Zucchetti Axess 安全漏洞
Zucchetti Axess is a series of personnel access management systems developed by the Italian company Zucchetti. There is a security vulnerability in Zucchetti Axess, which stems from improper handling of user input for the dirBrowse parameter in the web configuration interface for the...
PT-2026-26088
A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...
CVE-2026-30695
A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...
CVE-2026-30695
A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...
CVE-2019-18204
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution...
CVE-2019-18206
A cross-site request forgery CSRF vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload...
CVE-2019-18205
Multiple Reflected Cross-site Scripting XSS vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...
CVE-2021-47722
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking...
CVE-2021-47722
CVE-2021-47722 affects Zucchetti Axess CLOKI Access Control 1.64. The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to manipulate access control settings by tricking an authenticated user into loading a malicious page; no user interaction beyond visiting the attacke...
CVE-2021-47722 Zucchetti Axess CLOKI Access Control 1.64 Cross-Site Request Forgery
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking...
CVE-2021-47722 Zucchetti Axess CLOKI Access Control 1.64 Cross-Site Request Forgery
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking...
Zucchetti Axess CLOKI Access Control 跨站请求伪造漏洞
Zucchetti Axess CLOKI Access Control is an automation management software in access control terminals from Zucchetti, Italy. A cross-site request forgery vulnerability exists in Zucchetti Axess CLOKI Access Control version 1.64, which stems from a lack of validation of access control settings and...
PT-2025-52831
Name of the Vulnerable Software and Affected Versions Zucchetti Axess CLOKI Access Control version 1.64 Description The software contains a cross-site request forgery condition. This allows attackers to manipulate access control settings without user interaction. Attackers can create malicious we...
CVE-2025-61431
A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...
CVE-2025-61431
A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...