CVE-2024-6006

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published Jun 15, 2024

Updated: Jun 17, 2024

CWE ID 79

Summary

CVE-2024-6cross-site scripting vulnerability (CVE-2024-6006) has been identified in ZKTeco ZKBio CVSecurity V5000 4.1.0. This issue, rated as problematic, affects an unspecified functionality of the component Summer Schedule Handler. Manipulation of the Schedule Name argument can lead to cross-site scripting, potentially enabling remote attacks. The vulnerability has been disclosed to the public, increasing the risk of exploitation, and is identified as VDB-268694. Despite early contact, the vendor has not responded to the disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/weKTvo
https://www.cve.org/CVERecord?id=CVE-2024-6006
https://nvd.nist.gov/vuln/detail/CVE-2024-6006

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-6006

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations