Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dzzoffice Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43340 1 Dzzoffice 1 Dzzoffice 2022-10-31 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
CVE-2021-3318 1 Dzzoffice 1 Dzzoffice 2022-04-26 4.3 MEDIUM 6.1 MEDIUM
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2021-43673 1 Dzzoffice 1 Dzzoffice 2021-12-10 4.3 MEDIUM 6.1 MEDIUM
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
CVE-2021-40292 1 Dzzoffice 1 Dzzoffice 2021-10-19 3.5 LOW 5.4 MEDIUM
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
CVE-2021-40191 1 Dzzoffice 1 Dzzoffice 2021-10-18 3.5 LOW 5.4 MEDIUM
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
CVE-2020-19703 1 Dzzoffice 1 Dzzoffice 2021-08-31 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.