CVE-2024-1706 (GCVE-0-2024-1706)
Vulnerability from cvelistv5 – Published: 2024-02-21 18:00 – Updated: 2025-08-22 07:29
VLAI?
Summary
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input <marquee>hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: "ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess." This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco | ZKBio Access IVS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 |
Credits
Hussein Amer (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-254396 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.254396"
},
{
"name": "VDB-254396 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.254396"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T19:40:22.669488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T19:40:34.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Department Name Search Bar"
],
"product": "ZKBio Access IVS",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Hussein Amer (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input \u003cmarquee\u003ehi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: \"ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess.\" This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in ZKTeco ZKBio Access IVS bis 3.3.2 gefunden. Dies betrifft einen unbekannten Teil der Komponente Department Name Search Bar. Mit der Manipulation mit der Eingabe \u003cmarquee\u003ehi mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T07:29:38.911Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-254396 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.254396"
},
{
"name": "VDB-254396 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.254396"
},
{
"name": "Submit #280083 | zkteco zkbio access IVS 3.3.2 xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.280083"
},
{
"name": "Submit #280084 | zkteco zkbio access IVS 3.3.2 xss (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.280084"
},
{
"tags": [
"exploit"
],
"url": "https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt"
},
{
"tags": [
"related"
],
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/21"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-02-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-02-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-02-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T09:34:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-1706",
"datePublished": "2024-02-21T18:00:07.522Z",
"dateReserved": "2024-02-21T12:31:15.436Z",
"dateUpdated": "2025-08-22T07:29:38.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input \u003cmarquee\u003ehi leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254396. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad fue encontrada en ZKTeco ZKBio Access IVS hasta 3.3.2 y clasificada como problem\\u00e1tica. Una funci\\u00f3n desconocida del componente Department Name Search Bar es afectada por esta vulnerabilidad. La manipulaci\\u00f3n con la entrada hi conduce a Cross-Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-254396. NOTA: Se contact\\u00f3 primeramente con el proveedor sobre esta divulgaci\\u00f3n, pero no respondi\\u00f3 de ninguna manera.\"}]",
"id": "CVE-2024-1706",
"lastModified": "2024-11-21T08:51:07.893",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2024-02-21T18:15:51.057",
"references": "[{\"url\": \"https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?ctiid.254396\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?id.254396\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://vuldb.com/?ctiid.254396\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://vuldb.com/?id.254396\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-1706\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2024-02-21T18:15:51.057\",\"lastModified\":\"2025-08-22T08:15:29.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cna@vuldb.com\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input \u003cmarquee\u003ehi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: \\\"ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess.\\\" This vulnerability only affects products that are no longer supported by the maintainer.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad fue encontrada en ZKTeco ZKBio Access IVS hasta 3.3.2 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Department Name Search Bar es afectada por esta vulnerabilidad. La manipulaci\u00f3n con la entrada hi conduce a Cross-Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-254396. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"},{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zkteco:zkbio_access_ivs:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.2\",\"matchCriteriaId\":\"3F72FFB6-F055-42A3-8048-79CDAC6D9374\"}]}]}],\"references\":[{\"url\":\"https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.254396\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://vuldb.com/?id.254396\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?submit.280083\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.280084\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://www.zkteco.com/en/Security_Bulletinsibs/21\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.254396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://vuldb.com/?id.254396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://vuldb.com/?id.254396\", \"name\": \"VDB-254396 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting\", \"tags\": [\"vdb-entry\", \"technical-description\", \"x_transferred\"]}, {\"url\": \"https://vuldb.com/?ctiid.254396\", \"name\": \"VDB-254396 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\", \"x_transferred\"]}, {\"url\": \"https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt\", \"tags\": [\"exploit\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:48:21.807Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1706\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-23T19:40:22.669488Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-23T19:40:26.449Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\"], \"title\": \"ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Hussein Amer (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.1, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4, \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"vendor\": \"ZKTeco\", \"modules\": [\"Department Name Search Bar\"], \"product\": \"ZKBio Access IVS\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.3.0\"}, {\"status\": \"affected\", \"version\": \"3.3.1\"}, {\"status\": \"affected\", \"version\": \"3.3.2\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-02-21T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2024-02-21T00:00:00.000Z\", \"value\": \"CVE reserved\"}, {\"lang\": \"en\", \"time\": \"2024-02-21T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-08-22T09:34:29.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.254396\", \"name\": \"VDB-254396 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.254396\", \"name\": \"VDB-254396 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.280083\", \"name\": \"Submit #280083 | zkteco zkbio access IVS 3.3.2 xss\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://vuldb.com/?submit.280084\", \"name\": \"Submit #280084 | zkteco zkbio access IVS 3.3.2 xss (Duplicate)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.zkteco.com/en/Security_Bulletinsibs/21\", \"tags\": [\"related\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input \u003cmarquee\u003ehi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: \\\"ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess.\\\" This vulnerability only affects products that are no longer supported by the maintainer.\"}, {\"lang\": \"de\", \"value\": \"Eine Schwachstelle wurde in ZKTeco ZKBio Access IVS bis 3.3.2 gefunden. Dies betrifft einen unbekannten Teil der Komponente Department Name Search Bar. Mit der Manipulation mit der Eingabe \u003cmarquee\u003ehi mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk erfolgen. Der Exploit wurde der \\u00d6ffentlichkeit bekannt gemacht und k\\u00f6nnte verwendet werden.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Cross Site Scripting\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"Code Injection\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-08-22T07:29:38.911Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1706\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-22T07:29:38.911Z\", \"dateReserved\": \"2024-02-21T12:31:15.436Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2024-02-21T18:00:07.522Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…