Vulnerabilities > Zkteco > Zktime WEB > 2.0.1.12280

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2017-12-04 | CVE-2017-17057 | Cross-site Scripting vulnerability in ZKTeco ZKTime Web 2.0.1.12280 | There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. | network | zkteco CWE-79 | 4.3 |
| 2017-12-04 | CVE-2017-17056 | Cross-Site Request Forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 | The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. | network | zkteco CWE-352 | 6.8 |
| 2017-09-26 | CVE-2017-13129 | Cross-Site Request Forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 | Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. | network | zkteco CWE-352 | 6.0 |
| 2017-09-21 | CVE-2017-14680 | Information Exposure vulnerability in ZKTeco ZKTime Web 2.0.1.12280 | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | network, low complexity | zkteco CWE-200 | 5.0 |