High severity7.2NVD Advisory· Published Mar 16, 2026· Updated Jun 8, 2026
CVE-2016-20032
CVE-2016-20032
Description
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =5.3.1
Patches
Vulnerability mechanics
References
6- cxsecurity.com/issue/WLB-2016090004nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/116479nvd
- packetstormsecurity.com/files/138572nvd
- www.exploit-db.com/exploits/40328/nvd
- www.vulncheck.com/advisories/zkteco-zkaccess-security-system-stored-xssnvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5368.phpnvd
News mentions
0No linked articles in our index yet.