Dzzoffice : Security Vulnerabilities CVSS score >= 6
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
| Max Base Score | 8.8 |
| Published | 2022-10-27 |
| Updated | 2022-10-31 |
| EPSS | 0.06% |
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
| Max Base Score | 6.1 |
| Published | 2021-08-26 |
| Updated | 2021-09-01 |
| EPSS | 0.08% |
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
| Max Base Score | 6.1 |
| Published | 2021-01-27 |
| Updated | 2022-04-26 |
| EPSS | 0.11% |
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.
| Max Base Score | 6.1 |
| Published | 2023-06-27 |
| Updated | 2023-07-05 |
| EPSS | 0.05% |
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
| Max Base Score | 6.1 |
| Published | 2021-12-03 |
| Updated | 2021-12-10 |
| EPSS | 0.08% |
5 vulnerabilities found