Dzzoffice : Security Vulnerabilities CVSS score >= 5
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
Max Base Score
8.8
Published
2022-10-27
Updated
2022-10-31
EPSS
0.12%
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
Max Base Score
6.1
Published
2021-12-03
Updated
2021-12-10
EPSS
0.08%
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
Max Base Score
5.4
Published
2021-10-12
Updated
2021-10-19
EPSS
0.06%
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
Max Base Score
5.4
Published
2021-10-11
Updated
2021-10-18
EPSS
0.06%
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
Max Base Score
5.3
Published
2023-06-27
Updated
2023-07-05
EPSS
0.07%
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.
Max Base Score
6.1
Published
2023-06-27
Updated
2023-07-05
EPSS
0.05%
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
Max Base Score
6.1
Published
2021-01-27
Updated
2022-04-26
EPSS
0.12%
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Max Base Score
6.1
Published
2021-08-26
Updated
2021-09-01
EPSS
0.08%
8 vulnerabilities found