RSS   Vulnerabilities for 'Dzzoffice'   RSS

2021-12-03
 
CVE-2021-43673

CWE-79
 

 
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).

 
2021-10-12
 
CVE-2021-40292

CWE-79
 

 
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.

 
2021-10-11
 
CVE-2021-40191

CWE-79
 

 
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.

 
2021-08-26
 
CVE-2020-19703

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

 
2021-01-27
 
CVE-2021-3318

CWE-79
 

 
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top