{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T16:30:07.848","vulnerabilities":[{"cve":{"id":"CVE-2019-25277","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-01-08T00:15:57.760","lastModified":"2026-01-22T13:47:52.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing attacks."},{"lang":"es","value":"El Sistema de Control de Acceso FaceSentry 6.4.8 contiene una vulnerabilidad de cross-site scripting en el parámetro 'msg' de pluginInstall.php que permite a los atacantes inyectar scripts maliciosos. Los atacantes pueden explotar la entrada no validada para ejecutar JavaScript arbitrario en los navegadores de las víctimas, potencialmente robando credenciales de autenticación y realizando ataques de phishing."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0:*:*:*:*:*:*:*","matchCriteriaId":"C64B12CF-265E-4FD8-9BCF-95843E5A885B"},{"vulnerable":true,"criteria":"cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2:*:*:*:*:*:*:*","matchCriteriaId":"A6913639-EBF7-4451-9052-71DB2B3DF925"},{"vulnerable":true,"criteria":"cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8:*:*:*:*:*:*:*","matchCriteriaId":"26BA8B79-F65D-4D30-8827-B893F500BF8C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*","matchCriteriaId":"EFE14646-6ED5-46DC-8A19-4F2358F784E5"}]}]}],"references":[{"url":"https://cxsecurity.com/issue/WLB-2019070017","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/163191","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://packetstormsecurity.com/files/153494","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5527.php","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5527.php","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}