Filtered by vendor Dzzoffice
Subscriptions
Filtered by product Dzzoffice
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39853 | 1 Dzzoffice | 1 Dzzoffice | 2024-09-04 | 6.5 Medium |
| SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | ||||
| CVE-2024-41376 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-06 | 8.8 High |
| dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. | ||||
| CVE-2020-19703 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-04 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2021-43673 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-04 | 6.1 Medium |
| dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)). | ||||
| CVE-2021-40292 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-04 | 5.4 Medium |
| A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter. | ||||
| CVE-2021-40191 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-04 | 5.4 Medium |
| Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php. | ||||
| CVE-2021-30205 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-03 | 5.3 Medium |
| Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | ||||
| CVE-2021-30203 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-03 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2021-3318 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-03 | 6.1 Medium |
| attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. | ||||
| CVE-2022-43340 | 1 Dzzoffice | 1 Dzzoffice | 2024-08-03 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | ||||
Page 1 of 1.