Dzzoffice: >> Dzzoffice Security Vulnerabilities
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-12
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-11
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-26
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-01-27
Page 2