Vulnerabilities > Zkteco > Biotime > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-05 CVE-2024-6523 Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3/8.5.4/8.5.5
A vulnerability was found in ZKTeco BioTime up to 9.5.2.
network
low complexity
zkteco CWE-79
5.4
2022-11-30 CVE-2022-38801 Cross-site Scripting vulnerability in Zkteco Biotime
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
network
low complexity
zkteco CWE-79
5.4
2022-11-30 CVE-2022-38802 Cross-site Scripting vulnerability in Zkteco Biotime
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday.
network
low complexity
zkteco CWE-79
6.2
2022-11-30 CVE-2022-38803 Cross-site Scripting vulnerability in Zkteco Biotime
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log.
network
low complexity
zkteco CWE-79
6.8
2022-11-08 CVE-2022-30515 Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.
network
low complexity
zkteco CWE-306
5.3