Vulnerabilities > Easycorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-49394 | Open Redirect vulnerability in Easycorp Zentao Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. | 6.1 |
| 2023-11-30 | CVE-2023-6439 | Cross-site Scripting vulnerability in Easycorp Zentao 18.8 A vulnerability classified as problematic was found in ZenTao PMS 18.8. | 6.1 |
| 2023-11-02 | CVE-2023-46475 | Cross-site Scripting vulnerability in Easycorp Zentao 18.3 A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code. | 5.4 |
| 2023-10-10 | CVE-2023-44826 | Cross-site Scripting vulnerability in Easycorp Zentao 18.6 Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | 5.4 |
| 2023-06-20 | CVE-2020-21268 | Cross-site Scripting vulnerability in Easycorp Zentao 11.6.4 Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. | 6.1 |
| 2021-08-31 | CVE-2021-27557 | Cross-Site Request Forgery (CSRF) vulnerability in Easycorp Zentao 12.5.3 A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. | 4.3 |
| 2021-08-31 | CVE-2021-27558 | Cross-site Scripting vulnerability in Easycorp Zentao 12.5.3 A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. | 4.3 |