CVE-2022-38803

CVSS V2 None CVSS V3 None
Description
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF
Overview
  • CVE ID
  • CVE-2022-38803
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-30T14:15:10.907
  • Last Modified Date
  • 2022-12-02T17:18:55.753
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:zkteco:biotime:*:*:*:*:*:*:*:* 1 OR 8.5.4
References
Reference URL Reference Tags
https://gist.github.com/hamoshwani/44653bfe7b8cc461692a2f074b1ef475 Exploit Third Party Advisory
https://www.zkteco.com/ Product
History
Created Old Value New Value Data Type Notes
2022-12-07 18:05:40 Added to TrackCVE