CVE-2016-20027

Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0

Description The software contains multiple reflected cross-site scripting issues that permit attackers to run arbitrary HTML and script code. This is achieved by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can create malicious URLs with XSS payloads in vulnerable parameters to execute scripts in a user's browser session within the application's context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.