Vulnerabilities > Zkteco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2023-51157 | Cross-site Scripting vulnerability in Zkteco Wdms 5.1.3 Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. | 5.4 |
| 2024-07-05 | CVE-2024-6523 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3/8.5.4/8.5.5 A vulnerability was found in ZKTeco BioTime up to 9.5.2. | 5.4 |
| 2024-05-30 | CVE-2024-35429 | Path Traversal vulnerability in Zkteco Zkbio Cvsecurity 6.1.1 ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. | 6.5 |
| 2023-09-04 | CVE-2023-4587 | Authorization Bypass Through User-Controlled Key vulnerability in Zkteco Zem800 Firmware 6.60 An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. | 5.5 |
| 2023-08-03 | CVE-2023-38958 | Incorrect Authorization vulnerability in Zkteco Bioaccess IVS 3.3.1 An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. | 5.3 |
| 2022-12-09 | CVE-2022-44213 | Cross-site Scripting vulnerability in Zkteco Automatic Data Master Server ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | 4.8 |
| 2022-11-30 | CVE-2022-38801 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. | 5.4 |
| 2022-11-30 | CVE-2022-38802 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. | 6.2 |
| 2022-11-30 | CVE-2022-38803 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. | 6.8 |
| 2022-11-08 | CVE-2022-30515 | Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5 ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | 5.3 |