CVE-2022-38801 Information

Description

In Zkteco BioTime < 8.5.3 Build:20200816.447 an employee can hijack an administrator session and cookies using blind cross-site scripting.

Reference

https://www.zkteco.com/ https://gist.github.com/hamoshwani/5ac860dd6757440174f446c62b24653f