Shodan
Vulnerabilities
Vulnerable Software
Dzzoffice:  >> Dzzoffice  Security Vulnerabilities
CVE-2024-29273
There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-22
CVE-2023-39853
SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-01-06
CVE-2021-30203
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-27
CVE-2021-30205
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-06-27
CVE-2022-43340
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-10-27
CVE-2021-43673
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-03
CVE-2021-40292
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-12
CVE-2021-40191
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-11
CVE-2020-19703
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-26
CVE-2021-3318
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-01-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved