Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown
CVE-2021-30205
Disclosure Date: June 27, 2023 (last updated February 25, 2025)
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
0
Attacker Value
Unknown
CVE-2021-30203
Disclosure Date: June 27, 2023 (last updated February 25, 2025)
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.
0
Attacker Value
Unknown
CVE-2022-43340
Disclosure Date: October 27, 2022 (last updated February 24, 2025)
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
0
Attacker Value
Unknown
CVE-2021-43673
Disclosure Date: December 03, 2021 (last updated February 23, 2025)
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
0
Attacker Value
Unknown
CVE-2021-40292
Disclosure Date: October 12, 2021 (last updated February 23, 2025)
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
0
Attacker Value
Unknown
CVE-2021-40191
Disclosure Date: October 11, 2021 (last updated February 23, 2025)
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
0
Attacker Value
Unknown
CVE-2020-19703
Disclosure Date: August 26, 2021 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
0
