Vulnerabilities > Easycorp > Zentao > 18.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-24216 | Command Injection vulnerability in Easycorp Zentao Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 9.8 |
| 2023-11-02 | CVE-2023-46475 | Cross-site Scripting vulnerability in Easycorp Zentao 18.3 A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code. | 5.4 |