2026-01-07 23:11:06
VulnCheck
PUBLISHED
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the msg parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing attacks.