ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: Platform: Personnel: Access: Elevator: Visitor: Video: Adms: Summary: ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identification and a modern-user friendly UI, ZKBioSecurity 3.0 provides the most advanced solution for a whole new user experience. Desc: ZKBioSecurity suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Tested on: Microsoft Windows 7 Ultimate SP1 (EN) Microsoft Windows 7 Professional SP1 (EN) Apache-Coyote/1.1 Apache Tomcat/7.0.56 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2016-5363 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5363.php 18.07.2016 -- GET /authRoleAction!getAll.action?packageName=auth&un=1468847752607_1814&systemCode=base&pager.posStart=0&pager.pageSize=50&xmlFileName=AuthGroup&filter:authGroupSet.id=1 HTTP/1.1 GET /authUserAction!getAll.action?packageName=auth&un=1468847752607_1814&systemCode=base&pager.posStart=0&pager.pageSize=50&xmlFileName=AuthGroup&filter:authGroupSet.id=1 HTTP/1.1 # Iranian Exploit DataBase = http://IeDb.Ir [2016-08-31]