CVE-2024-6006 MEDIUM

CVE-2024-6006: ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting

Vendor Zkteco
Product ZKBio CVSecurity V5000
Weakness CWE-79 · XSS
Published June 15, 2024
Last update July 17, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor explains, "that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version." This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

June 15, 2024 CVE published
July 17, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-22764 WordPress WP Post Corrector Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-32130 WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS) CVE-2025-23443 WordPress Author Showcase plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability CVE-2025-22752 WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.12 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-5152 ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting