2 matches found
ZendTo Reflective Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and faster speeds. A reflected cross-site scripting and cross-site request forgery vulnerability exists in the unlock.tpl unlock user feature in ZendTo prior to version 5.22-2...
CVE-2020-8985
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality...