CVE-2019-25277 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject…
Medium CVSS: 5.1

CVE-2019-25277

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing attacks.
Vendor
Iwt
Product
Facesentry Access Control System Firmware
CWE
CWE-79
Yayın Tarihi
2026-01-08 00:15:57
Güncelleme
2026-01-22 13:47:52
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-79 Facesentry Access Control System Firmware MEDIUM Iwt 2026

Referanslar

https://cxsecurity.com/issue/WLB-2019070017 https://exchange.xforce.ibmcloud.com/vulnerabilities/163191 https://packetstormsecurity.com/files/153494 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5527.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5527.php