dzzoffice dzzoffice vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-3318
attach/ajax.php in DzzOffice up to and including 2.02.1 allows XSS via the editorid parameter.
Dzzoffice Dzzoffice
8.8
CVSSv3
CVE-2022-43340
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows malicious users to arbitrarily create user accounts and grant Administrator rights to regular users.
Dzzoffice Dzzoffice 2.02.1
6.5
CVSSv3
CVE-2023-39853
SQL Injection vulnerability in Dzzoffice version 2.01 allows remote malicious users to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.
Dzzoffice Dzzoffice 2.01
5.4
CVSSv3
CVE-2021-40191
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and the return of a wrong content-type for output data in webroot/dzz/attach/controller.php.
Dzzoffice Dzzoffice 2.02.1
5.4
CVSSv3
CVE-2021-40292
A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
Dzzoffice Dzzoffice 2.02.1
1 Github repository
6.1
CVSSv3
CVE-2021-43673
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
Dzzoffice Dzzoffice 2.02.1
6.1
CVSSv3
CVE-2020-19703
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Dzzoffice Dzzoffice 2.02
6.1
CVSSv3
CVE-2021-30203
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows malicious users to execute arbitrary web scripts or HTML.
Dzzoffice Dzzoffice 2.02.1
5.3
CVSSv3
CVE-2021-30205
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated malicious users to browse departments and usernames.
Dzzoffice Dzzoffice 2.02.1
NA
CVE-2024-29273
There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.