Vulnerabilities > Zend > Zendto

DATE CVE VULNERABILITY TITLE RISK
2021-03-02 CVE-2021-27888 Cross-site Scripting vulnerability in Zend Zendto
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
network
zend CWE-79
4.3
2020-03-24 CVE-2020-8986 Improper Check for Unusual or Exceptional Conditions vulnerability in Zend Zendto
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.
network
low complexity
zend CWE-754
7.5
2020-03-24 CVE-2020-8985 Cross-Site Request Forgery (CSRF) vulnerability in Zend Zendto
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
network
zend CWE-352
6.8
2020-03-24 CVE-2020-8984 Origin Validation Error vulnerability in Zend Zendto
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.
network
low complexity
zend CWE-346
5.0
2018-12-20 CVE-2018-1000841 Cross-site Scripting vulnerability in Zend Zendto
Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser..
network
zend CWE-79
4.3
2013-12-28 CVE-2013-6808 Cross-Site Scripting vulnerability in Zend Zendto
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
network
zend CWE-79
4.3