Vulnerabilities > Dzzoffice > Dzzoffice > 2.01
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-06 | CVE-2023-39853 | SQL Injection vulnerability in Dzzoffice 2.01 SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | 6.5 |
| 2021-01-27 | CVE-2021-3318 | Cross-site Scripting vulnerability in Dzzoffice attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. | 4.3 |