Vulnerabilities > Zkteco > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2023-51157 Cross-site Scripting vulnerability in Zkteco Wdms 5.1.3
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
network
low complexity
zkteco CWE-79
5.4
2024-07-05 CVE-2024-6523 Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3/8.5.4/8.5.5
A vulnerability was found in ZKTeco BioTime up to 9.5.2.
network
low complexity
zkteco CWE-79
5.4
2024-05-30 CVE-2024-35429 Path Traversal vulnerability in Zkteco Zkbio Cvsecurity 6.1.1
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.
network
low complexity
zkteco CWE-22
6.5
2023-09-04 CVE-2023-4587 Authorization Bypass Through User-Controlled Key vulnerability in Zkteco Zem800 Firmware 6.60
An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60.
local
low complexity
zkteco CWE-639
5.5
2023-08-03 CVE-2023-38958 Incorrect Authorization vulnerability in Zkteco Bioaccess IVS 3.3.1
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.
network
low complexity
zkteco CWE-863
5.3
2022-12-09 CVE-2022-44213 Cross-site Scripting vulnerability in Zkteco Automatic Data Master Server
ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
zkteco CWE-79
4.8
2022-11-30 CVE-2022-38801 Cross-site Scripting vulnerability in Zkteco Biotime
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
network
low complexity
zkteco CWE-79
5.4
2022-11-30 CVE-2022-38802 Cross-site Scripting vulnerability in Zkteco Biotime
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday.
network
low complexity
zkteco CWE-79
6.2
2022-11-30 CVE-2022-38803 Cross-site Scripting vulnerability in Zkteco Biotime
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log.
network
low complexity
zkteco CWE-79
6.8
2022-11-08 CVE-2022-30515 Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.
network
low complexity
zkteco CWE-306
5.3