Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-11T13:34:42

Updated: 2024-08-04T02:27:31.869Z

Reserved: 2021-08-30T00:00:00

Link: CVE-2021-40191

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-11T14:15:07.600

Modified: 2024-11-21T06:23:45.190

Link: CVE-2021-40191

cve-icon Redhat

No data.