CVE-2024-41376

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php...

DzzOffice 安全漏洞

DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice v2.3.7 and earlier versions, which originates from...

CVE-2025-63693

CVE-2025-63693 affects DzzOffice 2.3.x. The vulnerability resides in the comment editing template (dzz/comment/template/edit_form.htm), which does not adequately escape user-controllable data across HTML and JavaScript contexts. This can allow low-privilege attackers to craft comment content or r...

EUVD-2021-17135

Malware in sbrugna...

EUVD-2021-26649

Malware in sbrugna...

EUVD-2021-27376

Malware in sbrugna...

EUVD-2020-11603

Malware in sbrugna...

PT-2023-12139 · Dzzoffice · Dzzoffice

Name of the Vulnerable Software and Affected Versions: dzzoffice version 2.02.1 SC UTF8 Description: A reflected cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML by exploiting the zero parameter. Recommendations: For dzzoffice version 2.02.1 SC UTF8, consider...

CVE-2022-43340

A Cross-Site Request Forgery CSRF in dzzoffice 2.02.1SCUTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users...

DzzOffice Cross-Site Scripting Vulnerability

Dzzoffice is a set of open source office suite for enterprises, teams to build their own similar to the "Google Apps Suite", "Microsoft Office365" enterprise collaboration platform. A cross-site scripting vulnerability exists in attach/ajax.php in DzzOffice 2.02.1 and earlier versions. The...