Lucene search
+L

5 matches found

OSV
OSV
added 2023/06/27 2:15 p.m.16 views

CVE-2021-30205

Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1SCUTF8 allows unauthenticated attackers to browse departments and usernames...

5.3CVSS7.2AI score
Exploits0References1
Cvelist
Cvelist
added 2023/06/27 12:0 a.m.19 views

CVE-2021-30205

Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1SCUTF8 allows unauthenticated attackers to browse departments and usernames...

5.6AI score0.00515EPSS
Exploits1References1
CVE
CVE
added 2023/06/27 12:0 a.m.37 views

CVE-2021-30203

Dzzoffice 2.02.1_SC_UTF8 is affected by a reflected XSS vulnerability in the zero parameter. The NVD entry (CVE-2021-30203) lists CVSSv3.1 base score 6.1 (MEDIUM) with network attack vector, no privileges required, user interaction required. Nuclei templates describe the issue and recommend upgra...

6.1CVSS6AI score0.00596EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2022/10/27 8:15 p.m.29 views

CVE-2022-43340

A Cross-Site Request Forgery CSRF in dzzoffice 2.02.1SCUTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users...

8.8CVSS0.0035EPSS
Exploits1References2
CVE
CVE
added 2022/10/27 12:0 a.m.59 views

CVE-2022-43340

CVE-2022-43340 affects dzzoffice version 2.02.1_SC_UTF8 and is described in connected sources as a CSRF vulnerability that lets an attacker arbitrarily create user accounts and grant Administrator rights to regular users. The root cause is a cross-site request forgery flaw in the account creation...

8.8CVSS8.7AI score0.0035EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder