Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.
CVSS Score
9.8
EPSS Score
0.068
Published
2024-02-08
A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439.
CVSS Score
3.5
EPSS Score
0.002
Published
2023-11-30
Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter
CVSS Score
6.1
EPSS Score
0.002
Published
2023-04-04