PT-2026-25730
Published: 2026-03-15 · Updated: 2026-03-16
CVE-2016-20032
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ZKTeco ZKAccess Security System version 5.3.1
Description
The ZKAccess Security System is susceptible to a stored cross-site scripting issue. This allows attackers to inject malicious payloads through the holiday name and memo POST parameters. Successful exploitation can lead to the execution of arbitrary HTML and script code, potentially compromising user browser sessions and enabling the theft of sensitive information.
Recommendations
Apply updates to address the issue in ZKAccess Security System version 5.3.1.
Sanitize the holiday name and memo POST parameters to prevent the injection of malicious scripts.
Fix
XSS
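One way to apply the sanitization recommendation above, as an added example that is not ZKTeco's code or part of the original advisory: allow-list validation of the two fields when they are posted, plus HTML encoding when the stored values are rendered. The key names `holiday_name` and `memo`, the length limits and the table markup are assumptions.

```python
import html
import re
import unicodedata

# Assumed names and limits: the advisory only says "holiday name" and "memo".
NAME_KEY, MEMO_KEY = "holiday_name", "memo"
NAME_MAX, MEMO_MAX = 64, 256
# Allow-list for the name: word characters, spaces and a little punctuation.
NAME_RE = re.compile(r"[\w .,'()-]+")


def _is_bad_control(ch):
    # Control characters other than tab/newline/carriage return.
    return unicodedata.category(ch) == "Cc" and ch not in "\t\r\n"


def validate_holiday(form):
    """Check the POSTed fields before they are stored: (clean, errors)."""
    clean, errors = {}, {}
    # NFKC folds look-alikes such as fullwidth '<' before the checks run.
    name = unicodedata.normalize("NFKC", form.get(NAME_KEY, "")).strip()
    memo = unicodedata.normalize("NFKC", form.get(MEMO_KEY, "")).strip()
    if name and len(name) <= NAME_MAX and NAME_RE.fullmatch(name):
        clean[NAME_KEY] = name
    else:
        errors[NAME_KEY] = "invalid holiday name"
    # Memo is free text, so markup is not stripped here; it is neutralised
    # by encoding at render time.
    if len(memo) <= MEMO_MAX and not any(_is_bad_control(c) for c in memo):
        clean[MEMO_KEY] = memo
    else:
        errors[MEMO_KEY] = "invalid memo"
    return clean, errors


def render_row(record):
    """Encode stored values for HTML text and quoted-attribute contexts."""
    name = html.escape(record.get(NAME_KEY, ""), quote=True)
    memo = html.escape(record.get(MEMO_KEY, ""), quote=True)
    return f'<tr><td title="{name}">{name}</td><td>{memo}</td></tr>'


if __name__ == "__main__":
    # Constructed sample: a legacy record stored before validation existed.
    legacy = {NAME_KEY: '"><script>alert(1)</script>', MEMO_KEY: "<b>closed</b>"}
    print(validate_holiday(legacy))
    print(render_row(legacy))
```

Encoding at render time is what protects records that were already stored before validation was added; the input checks only reduce what reaches storage from then on.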