Vulnerabilities > Zend > Zendto > 5.10.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-02 | CVE-2021-27888 | Cross-site Scripting vulnerability in Zend Zendto ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters. | 4.3 |
| 2020-03-24 | CVE-2020-8986 | Improper Check for Unusual or Exceptional Conditions vulnerability in Zend Zendto lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests. | 7.5 |
| 2020-03-24 | CVE-2020-8985 | Cross-Site Request Forgery (CSRF) vulnerability in Zend Zendto ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | 6.8 |
| 2020-03-24 | CVE-2020-8984 | Origin Validation Error vulnerability in Zend Zendto lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. | 5.0 |
| 2018-12-20 | CVE-2018-1000841 | Cross-site Scripting vulnerability in Zend Zendto Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. | 4.3 |