CVE-2024-24257
- EPSS 0.39%
- Veröffentlicht 26.07.2024 17:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.
CVE-2017-17056
- EPSS 0.74%
- Veröffentlicht 04.12.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 par...
CVE-2017-17057
- EPSS 1.24%
- Veröffentlicht 04.12.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execu...
- EPSS 1.08%
- Veröffentlicht 26.09.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
CVE-2017-14680
- EPSS 4.33%
- Veröffentlicht 21.09.2017 23:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.