SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-06
Updated
2024-01-11
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.14%
Published
2022-10-27
Updated
2022-10-31
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
Source: MITRE
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-12-03
Updated
2021-12-10
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
Source: MITRE
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-10-12
Updated
2021-10-19
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
Source: MITRE
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-10-11
Updated
2021-10-18
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.05%
Published
2023-06-27
Updated
2023-07-05
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-06-27
Updated
2023-07-05
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.12%
Published
2021-01-27
Updated
2022-04-26
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.09%
Published
2021-08-26
Updated
2021-09-01
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!