Lucene search
+L

132 matches found

nuclei
nuclei
added yesterday61 views

Dzzoffice 2.02.1 - Cross-Site Scripting

Dzzoffice 2.02.1SCUTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter. id: CVE-2021-30203 info: name: Dzzoffice 2.02.1 - Cross-Site Scripting author: arafatansari severity: high description: | Dzzoffice...

6.1CVSS6.5AI score0.00596EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/01/09 9:35 a.m.10 views

CVE-2024-41376

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php...

8.8CVSS6.9AI score0.00959EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/19 12:11 a.m.29 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

9.8CVSS7AI score0.00383EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/19 12:11 a.m.20 views

CVE-2025-63694

DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...

9.8CVSS8AI score0.00343EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/19 12:10 a.m.13 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

5.4CVSS7.4AI score0.00173EPSS
Exploits1References1
euvd
euvd
added 2025/11/18 9:32 p.m.7 views

EUVD-2025-198083

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

6.8AI score0.00173EPSS
Exploits1References3
nvd
nvd
added 2025/11/18 7:15 p.m.5 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

5.4CVSS0.00173EPSS
Exploits1References2
nvd
nvd
added 2025/11/18 6:16 p.m.6 views

CVE-2025-63694

DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...

9.8CVSS0.00343EPSS
Exploits1References2
nvd
nvd
added 2025/11/18 6:16 p.m.8 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

9.8CVSS0.00383EPSS
Exploits1References2
osv
osv
added 2025/11/18 12:0 a.m.4 views

CVE-2025-63694

DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...

9.8CVSS7.9AI score0.00343EPSS
Exploits1References4
osv
osv
added 2025/11/18 12:0 a.m.6 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

9.8CVSS6.9AI score0.00383EPSS
Exploits1References4
osv
osv
added 2025/11/18 12:0 a.m.5 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

5.4CVSS7.3AI score0.00173EPSS
Exploits1References4
cvelist
cvelist
added 2025/11/18 12:0 a.m.11 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

0.00173EPSS
Exploits1References2
cve
cve
added 2025/11/18 12:0 a.m.15 views

CVE-2025-63695

DzzOffice v2.3.7 and earlier is vulnerable to an Arbitrary File Upload in /dzz/system/ueditor/php/controller.php. The core issue stems from a file upload mechanism in controller.php that allows uploading arbitrary files, potentially enabling remote code execution or other impact as described in p...

9.8CVSS6.6AI score0.00383EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2025/11/18 12:0 a.m.7 views

PT-2025-47383

Name of the Vulnerable Software and Affected Versions DzzOffice versions 2.3.x Description The comment editing template in DzzOffice does not properly sanitize user-supplied data when handling HTML and JavaScript strings. This allows a low-privilege attacker to inject and execute arbitrary...

6.8AI score0.00173EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/11/18 12:0 a.m.4 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

7AI score0.00173EPSS
Exploits1References2
cnnvd
cnnvd
added 2025/11/18 12:0 a.m.5 views

DzzOffice 安全漏洞

DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version 2.3.x. The vulnerability stems from a comment...

5.4CVSS6.1AI score0.00173EPSS
Exploits1References3
cve
cve
added 2025/11/18 12:0 a.m.15 views

CVE-2025-63694

DzzOffice v2.3.7 and earlier are affected by an SQL Injection vulnerability in the explorer/groupmanage component. The issue, documented across multiple feeds (CVE-2025-63694 and related advisories), affects versions prior to 2.3.8 and could allow manipulation of database queries via that functio...

9.8CVSS7.6AI score0.00343EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2025/11/18 12:0 a.m.5 views

EUVD-2025-198055

DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage...

7.5AI score0.00343EPSS
Exploits1References3
euvd
euvd
added 2025/11/18 12:0 a.m.6 views

EUVD-2025-198056

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

6.5AI score0.00383EPSS
Exploits1References3
Rows per page
Query Builder