Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

OSV
OSVadded 2023/06/27 2:15 p.m.10 views

CVE-2021-30205

Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1SCUTF8 allows unauthenticated attackers to browse departments and usernames...

5.3CVSS7.2AI score
Exploits0References1
Vulnrichment
Vulnrichmentadded 2023/06/27 12:0 a.m.6 views

CVE-2021-30203

A reflected cross-site scripting XSS vulnerability in the zero parameter of dzzoffice 2.02.1SCUTF8 allows attackers to execute arbitrary web scripts or HTML...

6.2AI score0.00904EPSS
Exploits1References1
CVE
CVEadded 2023/06/27 12:0 a.m.27 views

CVE-2021-30203

Dzzoffice 2.02.1_SC_UTF8 is affected by a reflected XSS vulnerability in the zero parameter. The NVD entry (CVE-2021-30203) lists CVSSv3.1 base score 6.1 (MEDIUM) with network attack vector, no privileges required, user interaction required. Nuclei templates describe the issue and recommend upgra...

6.1CVSS6AI score0.00904EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2023/06/27 12:0 a.m.11 views

CVE-2021-30205

Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1SCUTF8 allows unauthenticated attackers to browse departments and usernames...

5.6AI score0.00197EPSS
Exploits1References1
NVD
NVDadded 2022/10/27 8:15 p.m.14 views

CVE-2022-43340

A Cross-Site Request Forgery CSRF in dzzoffice 2.02.1SCUTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users...

8.8CVSS0.00089EPSS
Exploits1References3
CVE
CVEadded 2022/10/27 12:0 a.m.53 views

CVE-2022-43340

CVE-2022-43340 affects dzzoffice version 2.02.1_SC_UTF8 and is described in connected sources as a CSRF vulnerability that lets an attacker arbitrarily create user accounts and grant Administrator rights to regular users. The root cause is a cross-site request forgery flaw in the account creation...

8.8CVSS8.7AI score0.00089EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2021/12/03 11:36 a.m.27 views

CVE-2021-43673

CVE-2021-43673 affects dzzoffice 2.02.1_SC_UTF8. A Cross Site Scripting (XSS) vulnerability exists in explorerfile.php where the exit(json_encode($return)) output is sent to the user. CVSS details in the sources show a MEDIUM severity (CVSS v2: 4.3; CVSS v3.1: 6.1). No remediation or patch inform...

6.1CVSS6AI score0.00223EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2021/12/03 11:36 a.m.10 views

CVE-2021-43673

dzzoffice 2.02.1SCUTF8 is affected by a Cross Site Scripting XSS vulnerability in explorerfile.php. The output of the exit function is printed for the user via exitjsonencode$return...

6.2AI score0.00223EPSS
Exploits1References1
CNNVD
CNNVDadded 2021/12/03 12:0 a.m.2 views

zyx0814 dzzoffice 跨站脚本漏洞

DzzOffice is a platform from IBM DzzOffice in the United States that provides online collaborative office suite functionality. The platform can be used to provide online documents, forms, webstores, presentations, and other features. zyx0814 A cross-site scripting vulnerability exists in dzzoffic...

6.1CVSS5.9AI score0.00223EPSS
Exploits1References2
Rows per page
Query Builder