Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
easycorp zentao vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-24202
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows malicious users to execute arbitrary code via uploading a crafted .txt file.
Easycorp Zentao Max 4.10
Easycorp Zentao 18.10
Easycorp Zentao Biz 8.10
6.1
CVSSv3
CVE-2023-49394
Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.
Easycorp Zentao
6.1
CVSSv3
CVE-2023-6439
A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. T...
Easycorp Zentao 18.8
5.4
CVSSv3
CVE-2023-46475
A Stored Cross-Site Scripting vulnerability exists in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
Easycorp Zentao 18.3
1 Github repository
5.4
CVSSv3
CVE-2023-44826
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local malicious user to obtain sensitive information via a crafted script.
Easycorp Zentao 18.6
1 Github repository
8.8
CVSSv3
CVE-2023-44827
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an malicious user to execute arbitrary code via a crafted script to the Office Conversion Settings function.
Easycorp Zentao Max
Easycorp Zentao Biz
Easycorp Zentao
6.1
CVSSv3
CVE-2020-21268
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote malicious user to execute arbitrary code via the lastComment parameter.
Easycorp Zentao 11.6.4
6.1
CVSSv3
CVE-2020-22533
Cross Site Scripting vulnerability found in Zentao allows a remote malicious user to execute arbitrary code via the lang parameter
Easycorp Zentao
8.8
CVSSv3
CVE-2022-47745
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.
Easycorp Zentao 18.0
Easycorp Zentao
1 Github repository
7.5
CVSSv3
CVE-2022-37700
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.
Easycorp Zentao 15.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »