Ahmad kamaran hamoshwani
hamoshwani
/ CVE-2022-38803
Created
September 27, 2022 19:28
Employee can exploit XSS into local file read using PDF generator in Zkteco Biotime
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security Advisory | |
| Topic: Employee can exploit XSS into local file read using PDF generator in Zkteco Biotime | |
| Category: Zkteco Biotime | |
| Module: webgui | |
| Announced: 01-09-2022 | |
| Credits: Ahmed Kameran From https://technobase.krd/ -- https://twitter.com/hamoshwani | |
| CVE ID: CVE-2022-38803 | |
| Affects: BioTime - < 8.5.3 Build:20200816.447 |
hamoshwani
/ CVE-2022-38802
Last active
January 25, 2023 05:21
Administrator can exploit XSS into local file read using PDF generator in Zkteco Biotime
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security Advisory | |
| Topic: Administrator can exploit XSS into local file read using PDF generator in Zkteco Biotime | |
| Category: Zkteco Biotime | |
| Module: webgui | |
| Announced: 01-09-2022 | |
| Credits: Ahmed Kameran From https://technobase.krd/ -- https://twitter.com/hamoshwani | |
| CVE ID: CVE-2022-38802 | |
| Affects: BioTime - < 8.5.3 Build:20200816.447 |
hamoshwani
/ CVE-2022-38801
Last active
September 27, 2022 19:19
Employee can hijack an administrator session and cookies using blind cross-site scripting in Zkteco Biotime
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security Advisory | |
| Topic: Employee can hijack an administrator session and cookies using blind cross-site scripting in Zkteco Biotime | |
| Category: Zkteco Biotime | |
| Module: webgui | |
| Announced: 01-09-2022 | |
| Credits: Ahmed Kameran From https://technobase.krd/ -- https://twitter.com/hamoshwani | |
| CVE ID: CVE-2022-38801 | |
| Affects: BioTime - < 8.5.3 Build:20200816.447 |