CVE-2024-1706 Vulnerability Details
/
/
/
CVE-2024-1706 Metadata Quick Info
CVE Published: 21/02/2024 |
CVE Updated: 23/08/2024 |
CVE Year: 2024
Source: VulDB |
Vendor: ZKTeco |
Product: ZKBio Access IVS
Status : PUBLISHED
CVE-2024-1706 Description
A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input
hi leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254396. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Metrics
CVSS Version: 3.1 |
Base Score: 3.5 LOW Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N l➤ Exploitability Metrics: Attack Vector (AV)* Attack Complexity (AC)* Privileges Required (PR)* User Interaction (UI)* Scope (S)* l➤ Impact Metrics: Confidentiality Impact (C)* Integrity Impact (I)* Availability Impact (A)* Weakness Enumeration (CWE)
CWE-ID: CWE-79 CWE Name: CWE-79 Cross Site Scripting Source: ZKTeco Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID: CAPEC Description:
Source: NVD (National Vulnerability Database).