Every CVE whose affected-product data names Zkteco Zktime Web, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-17056 — CVSS 8.8 (high): The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()'…
CVE-2017-13129 — CVSS 8.0 (high): Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the…
CVE-2017-14680 — CVSS 7.5 (high): ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
CVE-2017-17057 — CVSS 6.1 (medium): There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied…