Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
easycorp zentao vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-24202
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows malicious users to execute arbitrary code via uploading a crafted .txt file.
Easycorp Zentao Max 4.10
Easycorp Zentao 18.10
Easycorp Zentao Biz 8.10
NA
CVE-2023-49394
Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.
Easycorp Zentao
NA
CVE-2023-6439
A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. T...
Easycorp Zentao 18.8
NA
CVE-2023-46475
A Stored Cross-Site Scripting vulnerability exists in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
Easycorp Zentao 18.3
1 Github repository
NA
CVE-2023-44826
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local malicious user to obtain sensitive information via a crafted script.
Easycorp Zentao 18.6
1 Github repository
NA
CVE-2023-44827
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an malicious user to execute arbitrary code via a crafted script to the Office Conversion Settings function.
Easycorp Zentao Max
Easycorp Zentao Biz
Easycorp Zentao
NA
CVE-2020-21268
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote malicious user to execute arbitrary code via the lastComment parameter.
Easycorp Zentao 11.6.4
NA
CVE-2020-22533
Cross Site Scripting vulnerability found in Zentao allows a remote malicious user to execute arbitrary code via the lang parameter
Easycorp Zentao
NA
CVE-2022-47745
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.
Easycorp Zentao 18.0
Easycorp Zentao
1 Github repository
NA
CVE-2022-37700
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.
Easycorp Zentao 15.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »