Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.
CVSS Score
9.8
EPSS Score
0.068
Published
2024-02-08
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-02
Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter
CVSS Score
6.1
EPSS Score
0.002
Published
2023-04-04