Vulnerability Description
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://cxsecurity.com/issue/WLB-2016090004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/116479
- https://packetstormsecurity.com/files/138572
- https://www.exploit-db.com/exploits/40328/
- https://www.vulncheck.com/advisories/zkteco-zkaccess-security-system-stored-xss
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5368.php
FAQ
What is CVE-2016-20032?
CVE-2016-20032 is a vulnerability with a CVSS score of 7.2 (HIGH).
How severe is CVE-2016-20032?
CVE-2016-20032 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-20032?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.