Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-17057

Publish Date: 30 Nov 2017

Source

                							

                *1. Introduction*

Vendor:                ZKTeco
Affected Product:      ZKTime Web - 2.0.1.12280
Fixed in:
Vendor Website:        https://www.zkteco.com/product/ZKTime_Web_2.0_435.html
Vulnerability Type:    Reflected XSS
Remote Exploitable:    Yes
CVE:                   CVE-2017-17057
*2. Overview*

There is a reflected XSS vulnerability in ZKTime Web. The
vulnerability exists due to insufficient filtration of user-supplied data.
A remote attacker can execute arbitrary HTML and script code in browser in
context of the vulnerable application.

*3. Affected Modules*

Go to
Personnel -&gt; Personnel -&gt; Advanced Query -&gt;

Select Search Field as 'Department' and in 'Range' field mention
'&lt;script&gt;alert('XSS')&lt;/script&gt;

*4. Payload*
&lt;script&gt;alert('XSS')&lt;/script&gt;


*5. Credit*
Himanshu Mehta (@LionHeartRoxx)
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting

Vulmon Search

About

Products

Connect