PT-2024-29384 · Dzzoffice · Dzzoffice

Name of the Vulnerable Software and Affected Versions: dzzoffice version 2.02.1 Description: The issue allows for Directory Traversal via the user/space/about.php endpoint. This means an attacker could potentially access files outside the intended directory structure by manipulating the input to...

DzzOffice 安全漏洞

DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice version 2.02.1, which stems from vulnerability to directory...

DzzOffice Cross-Site Scripting Vulnerability (CNVD-2024-15545)

DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations and other features. A cross-site scripting vulnerability exists in dzzoffice...

DzzOffice 跨站脚本漏洞

DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version...

DzzOffice Cross-Site Scripting Vulnerability (CNVD-2021-99270)

Dzzoffice is an open source office suite for enterprises and teams to build their own enterprise collaboration platform similar to "Google Enterprise Application Suite" and "Microsoft Office 365". Version 2.02.1 is vulnerable to a stored cross-site scripting vulnerability. An attacker can use the...

DzzOffice 跨站脚本漏洞

Dzzoffice is an open source office suite for enterprises and teams to build their own enterprise collaboration platform similar to "Google Enterprise Application Suite" and "Microsoft Office 365". Version 2.02.1 is vulnerable to a stored cross-site scripting vulnerability. An attacker can use the...

Cross site scripting

Dzzoffice Version 2.02.1 is affected by cross-site scripting XSS due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php...

CVE-2021-40191

Dzzoffice Version 2.02.1 is affected by cross-site scripting XSS due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php...

DzzOffice 跨站脚本漏洞

DzzOffice is a platform from IBM DzzOffice in the United States that provides online collaborative office suite functionality. The platform can be used to provide features such as online documents, forms, webstores, presentations, and more. A cross-site scripting vulnerability exists in IBM...

CVE-2021-3318

attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter...