Vulnerabilities > Zkteco > Biotime > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-05 | CVE-2024-6523 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3/8.5.4/8.5.5 A vulnerability was found in ZKTeco BioTime up to 9.5.2. | 5.4 |
| 2022-11-30 | CVE-2022-38801 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. | 5.4 |
| 2022-11-30 | CVE-2022-38802 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. | 6.2 |
| 2022-11-30 | CVE-2022-38803 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. | 6.8 |
| 2022-11-08 | CVE-2022-30515 | Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5 ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | 5.3 |