19 matches found
CVE-2024-41376
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php...
CVE-2024-41376
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php...
PT-2024-29384 · Dzzoffice · Dzzoffice
Name of the Vulnerable Software and Affected Versions: dzzoffice version 2.02.1 Description: The issue allows for Directory Traversal via the user/space/about.php endpoint. This means an attacker could potentially access files outside the intended directory structure by manipulating the input to...
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice version 2.02.1, which stems from vulnerability to directory...
DzzOffice Cross-Site Scripting Vulnerability (CNVD-2024-15545)
DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations and other features. A cross-site scripting vulnerability exists in dzzoffice...
CVE-2024-29273
Affected software: dzzoffice 2.02.1 SC UTF8. Vulnerability: Stored XSS via an SVG payload uploaded to uploadfile/index.php, exploiting insufficient input filtering/escaping. Impact: could allow execution of arbitrary script in the victim’s browser (per CVE description; CVSS base 6.1, UI: Required...
DzzOffice 跨站脚本漏洞
DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version...
DzzOffice Cross-Site Scripting Vulnerability (CNVD-2021-99270)
Dzzoffice is an open source office suite for enterprises and teams to build their own enterprise collaboration platform similar to "Google Enterprise Application Suite" and "Microsoft Office 365". Version 2.02.1 is vulnerable to a stored cross-site scripting vulnerability. An attacker can use the...
CVE-2021-40292
A Stored Cross Site Sripting XSS vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter...
Cross site scripting
A Stored Cross Site Sripting XSS vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter...
CVE-2021-40292
CVE-2021-40292 describes a stored cross-site scripting (XSS) vulnerability in DzzOffice 2.02.1 exploitable via the settingnew parameter. Multiple connected records confirm the issue and target version; no concrete exploitation details, impact scope, or remediation are provided in the supplied doc...
DzzOffice 跨站脚本漏洞
Dzzoffice is an open source office suite for enterprises and teams to build their own enterprise collaboration platform similar to "Google Enterprise Application Suite" and "Microsoft Office 365". Version 2.02.1 is vulnerable to a stored cross-site scripting vulnerability. An attacker can use the...
Cross site scripting
Dzzoffice Version 2.02.1 is affected by cross-site scripting XSS due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php...
CVE-2021-40191
Dzzoffice Version 2.02.1 is affected by cross-site scripting XSS due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php...
DzzOffice 跨站脚本漏洞
DzzOffice is a platform from IBM DzzOffice in the United States that provides online collaborative office suite functionality. The platform can be used to provide features such as online documents, forms, webstores, presentations, and more. A cross-site scripting vulnerability exists in IBM...
DzzOffice 2.02.1 Cross Site Scripting
Exploit Title: XSS attack app/setting in DzzOffice-2.02.1 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04.23.2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author:...
CVE-2021-3318
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter...
DzzOffice 跨站脚本漏洞
Dzzoffice is a set of open source office suite for enterprises, teams to build their own similar to the "Google Apps Suite", "Microsoft Office365" enterprise collaboration platform. A cross-site scripting vulnerability exists in attach/ajax.php in DzzOffice 2.02.1 and earlier versions. The...
Speedywiki 2.02.1 - Multiple Input Validation Vulnerabilities
Speedywiki 2.02.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/20976/info Speedywiki is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include an arbitrary...