Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2024-15545
HistoryMar 26, 2024 - 12:00 a.m.

DzzOffice Cross-Site Scripting Vulnerability (CNVD-2024-15545)

2024-03-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
dzzoffice
cross-site scripting
vulnerability
version 2.02.1
exploitation
user-supplied data
attacker
web script
html
payload
filtering
escaping
american company
big desk
online collaborative office suite.

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk (DzzOffice). The platform can be used to provide online documents, forms, webstores, presentations and other features. A cross-site scripting vulnerability exists in dzzoffice version 2.02.1 SC UTF8, which stems from the lack of effective filtering and escaping of user-supplied data by the application, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload.

Related

cve 1
nvd 1
cvelist 1
cve
cve
CVE-2024-29273
2024-03-22 04:15:11
nvd
nvd
CVE-2024-29273
2024-03-22 04:15:11
cvelist
cvelist
CVE-2024-29273
2024-03-22 00:00:00

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CNVD-2024-15545
cve1nvd1cvelist1