129 matches found
Dzzoffice 2.02.1 - Cross-Site Scripting
Dzzoffice 2.02.1SCUTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter. id: CVE-2021-30203 info: name: Dzzoffice 2.02.1 - Cross-Site Scripting author: arafatansari severity: high description: | Dzzoffice...
CVE-2024-41376
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
EUVD-2025-198083
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
EUVD-2025-198055
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice v2.3.7 and earlier versions, which stems from...
EUVD-2025-198056
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63695
DzzOffice v2.3.7 and earlier is vulnerable to an Arbitrary File Upload in /dzz/system/ueditor/php/controller.php. The core issue stems from a file upload mechanism in controller.php that allows uploading arbitrary files, potentially enabling remote code execution or other impact as described in p...