Zkoss : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2013-11-20
Updated
2013-11-20
CVE-2022-36537
Known exploited
Used for ransomware
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
Max CVSS
7.5
EPSS Score
95.86%
Published
2022-08-26
Updated
2023-03-03
CISA KEV Added
2023-02-27
2 vulnerabilities found