Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter
CVSS Score
6.1
EPSS Score
0.002
Published
2023-04-04
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-08-12