biotime

8.5.4

SEMANTIC 2 CVEs

9.5.2

SEMANTIC 1 CVE

9.5.1

SEMANTIC 1 CVE

9.5.0

SEMANTIC 1 CVE

CVE-2024-6523

A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input <script>alert('XSS')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270366 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

UNKNOWN Jul 05, 2024

CVE-2023-51142

An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.

HIGH Mar 21, 2024

CVE-2023-51141

An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component

UNKNOWN Mar 21, 2024