Vulnerabilities > Dzzoffice

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-06	CVE-2023-39853	SQL Injection vulnerability in Dzzoffice 2.01 SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. network low complexity dzzoffice CWE-89	6.5
2023-06-27	CVE-2021-30203	Cross-site Scripting vulnerability in Dzzoffice 2.02.1 A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. network low complexity dzzoffice CWE-79	6.1
2023-06-27	CVE-2021-30205	Unspecified vulnerability in Dzzoffice 2.02.1 Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. network low complexity dzzoffice	5.3
2022-10-27	CVE-2022-43340	Cross-Site Request Forgery (CSRF) vulnerability in Dzzoffice 2.02.1 A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. network low complexity dzzoffice CWE-352	8.8
2021-12-03	CVE-2021-43673	Cross-site Scripting vulnerability in Dzzoffice 2.02.1 dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. network low complexity dzzoffice CWE-79	6.1
2021-10-12	CVE-2021-40292	Cross-site Scripting vulnerability in Dzzoffice 2.02.1 A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter. network low complexity dzzoffice CWE-79	5.4
2021-10-11	CVE-2021-40191	Cross-site Scripting vulnerability in Dzzoffice 2.02.1 Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php. network low complexity dzzoffice CWE-79	5.4
2021-08-26	CVE-2020-19703	Cross-site Scripting vulnerability in Dzzoffice 2.02 A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. network low complexity dzzoffice CWE-79	6.1
2021-01-27	CVE-2021-3318	Cross-site Scripting vulnerability in Dzzoffice attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. network low complexity dzzoffice CWE-79	6.1

Vulnerabilities > Dzzoffice {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dzzoffice"}]}

Vulnerabilities > Dzzoffice