5 matches found
CVE-2021-30205
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1SCUTF8 allows unauthenticated attackers to browse departments and usernames...
CVE-2021-30205
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1SCUTF8 allows unauthenticated attackers to browse departments and usernames...
CVE-2021-30203
Dzzoffice 2.02.1_SC_UTF8 is affected by a reflected XSS vulnerability in the zero parameter. The NVD entry (CVE-2021-30203) lists CVSSv3.1 base score 6.1 (MEDIUM) with network attack vector, no privileges required, user interaction required. Nuclei templates describe the issue and recommend upgra...
CVE-2022-43340
A Cross-Site Request Forgery CSRF in dzzoffice 2.02.1SCUTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users...
CVE-2022-43340
CVE-2022-43340 affects dzzoffice version 2.02.1_SC_UTF8 and is described in connected sources as a CSRF vulnerability that lets an attacker arbitrarily create user accounts and grant Administrator rights to regular users. The root cause is a cross-site request forgery flaw in the account creation...