129 matches found
Dzzoffice 2.02.1 - Cross-Site Scripting
Dzzoffice 2.02.1SCUTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter. id: CVE-2021-30203 info: name: Dzzoffice 2.02.1 - Cross-Site Scripting author: arafatansari severity: high description: | Dzzoffice...
CVE-2024-41376
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
EUVD-2025-198083
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63694
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
EUVD-2025-198055
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...
PT-2025-47371
Name of the Vulnerable Software and Affected Versions DzzOffice versions prior to 2.3.8 Description DzzOffice versions 2.3.7 and before have a SQL Injection issue in the 'explorer/groupmanage' component. The issue allows for potential manipulation of database queries through the...
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice v2.3.7 and earlier versions, which originates from...
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice v2.3.7 and earlier versions, which stems from...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...