Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
References
Link | Resource |
---|---|
https://infosecwriteups.com/xss-store-in-zkteco-welcome-to-wdms-3d5c8e1113f0 | Exploit Third Party Advisory |
Configurations
History
02 Oct 2024, 16:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zkteco
Zkteco wdms |
|
References | () https://infosecwriteups.com/xss-store-in-zkteco-welcome-to-wdms-3d5c8e1113f0 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:zkteco:wdms:5.1.3:*:*:*:*:*:*:* |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Sep 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-79 |
25 Sep 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-25 19:15
Updated : 2024-10-02 16:58
NVD link : CVE-2023-51157
Mitre link : CVE-2023-51157
CVE.ORG link : CVE-2023-51157
JSON object : View
Products Affected
zkteco
- wdms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')