6 matches found
CVE-2024-41376
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php...
CVE-2021-40292
A Stored Cross Site Sripting XSS vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter...
Cross site scripting
A Stored Cross Site Sripting XSS vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter...
CVE-2021-40292
CVE-2021-40292 describes a stored cross-site scripting (XSS) vulnerability in DzzOffice 2.02.1 exploitable via the settingnew parameter. Multiple connected records confirm the issue and target version; no concrete exploitation details, impact scope, or remediation are provided in the supplied doc...
CVE-2021-40191
Dzzoffice Version 2.02.1 is affected by cross-site scripting XSS due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php...
DzzOffice 2.02.1 Cross Site Scripting
Exploit Title: XSS attack app/setting in DzzOffice-2.02.1 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04.23.2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author:...