Medium severity6.1NVD Advisory· Published Dec 4, 2017· Updated Jun 17, 2026
CVE-2017-17057
CVE-2017-17057
Description
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browser in the context of the vulnerable application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:zkteco:zktime_web:2.0.1.12280:*:*:*:*:*:*:*
- Range: = 2.0.1.12280
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/145159/ZKTeco-ZKTime-Web-2.0.1.12280-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/102006nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.