CNNVD-202601-1377 Information

CNNVD ID

CNNVD-202601-1377

Related CVE

CVE-2019-25277

• CNNVD Published: 2026-01-08

Description (Chinese)

iWT FaceSentry Access Control System是中国iWT公司的一个人脸识别门禁控制设备 iWT FaceSentry Access Control System 6.4.8版本存在跨站脚本漏洞，该漏洞源于对pluginInstall.php文件中msg参数未验证输入，可能导致跨站脚本攻击。

Description (English)

iWT FaceSentry Access Control Systems is a one-person face recognition door-control device for iWT. Version 6.4.8 of iWT FaceSentry Access Control System contains a cross-site script loophole, which originates from the non-validation of msg parameters in pulginInstall.php files, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

iWT

Published

2026-01-08

Last Modified

2026-02-24

References

https://cxsecurity.com/issue/WLB-2019070017 https://exchange.xforce.ibmcloud.com/vulnerabilities/163191 https://packetstormsecurity.com/files/153494 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5527.php