CVE-2023-51157

Name of the Vulnerable Software and Affected Versions ZKTeco WDMS version 5.1.3 Pro

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. This enables the attacker to run any code and get sensitive info.

Recommendations For ZKTeco WDMS version 5.1.3 Pro, as a temporary workaround, consider restricting access to the Emp Name parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.