3 matches found
EUVD-2025-198083
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version 2.3.x. The vulnerability stems from a comment...
PT-2025-47383
Name of the Vulnerable Software and Affected Versions DzzOffice versions 2.3.x Description The comment editing template in DzzOffice does not properly sanitize user-supplied data when handling HTML and JavaScript strings. This allows a low-privilege attacker to inject and execute arbitrary...