Vulnerabilities > Dzzoffice > Dzzoffice > 2.02
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-26 | CVE-2020-19703 | Cross-site Scripting vulnerability in Dzzoffice 2.02 A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 4.3 |
2021-01-27 | CVE-2021-3318 | Cross-site Scripting vulnerability in Dzzoffice attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. | 4.3 |