iWT FaceSentry Access Control System
0 remedies
cpe:2.3:h:iwt:facesentry_access_control_system:*:*:*:*:*:*:*, +1 more
0 remedies
- 6.4.8 build 264 (Algorithm A16)
- 5.7.2 build 568 (Algorithm A14)
- 5.7.0 build 539 (Algorithm A14)
iWT FaceSentry Access Control System Cross-Site Scripting Vulnerability
Vulnerability
A cross-site scripting vulnerability has been identified in the iWT FaceSentry Access Control System version 6.4.8. The issue arises in the 'msg' parameter of the 'pluginInstall.php' script, where user input is not properly validated. This flaw allows attackers to inject malicious scripts that are executed in the context of the user's browser, potentially leading to the theft of authentication cookies and facilitating phishing attacks.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the affected user.
Reproduction
To reproduce this vulnerability, send a GET request to 'pluginInstall.php' with a crafted 'msg' parameter that includes the desired JavaScript payload. Once the URL is accessed, the injected script will execute in the browser.
Added: Jan 8, 2026, 12:34 AM
Updated: Jan 8, 2026, 12:34 AM
Vulnerability Rating
Custom Algorithm
spread
0.3impact
3.5exploitability
7.4remediation
0.0relevance
1.9threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.