Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.
CVSS Score
9.8
EPSS Score
0.068
Published
2024-02-08
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-10
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-10-10
Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter
CVSS Score
6.1
EPSS Score
0.002
Published
2023-04-04