Vulnerabilities > Dzzoffice > Dzzoffice > 2.02.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-27 | CVE-2021-30203 | Cross-site Scripting vulnerability in Dzzoffice 2.02.1 A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. | 6.1 |
2023-06-27 | CVE-2021-30205 | Unspecified vulnerability in Dzzoffice 2.02.1 Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | 5.3 |
2022-10-27 | CVE-2022-43340 | Cross-Site Request Forgery (CSRF) vulnerability in Dzzoffice 2.02.1 A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | 8.8 |
2021-12-03 | CVE-2021-43673 | Cross-site Scripting vulnerability in Dzzoffice 2.02.1 dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. | 4.3 |
2021-10-12 | CVE-2021-40292 | Cross-site Scripting vulnerability in Dzzoffice 2.02.1 A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter. | 3.5 |
2021-10-11 | CVE-2021-40191 | Cross-site Scripting vulnerability in Dzzoffice 2.02.1 Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php. | 3.5 |
2021-01-27 | CVE-2021-3318 | Cross-site Scripting vulnerability in Dzzoffice attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. | 4.3 |