Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/zyx0814/dzzoffice/issues/196 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-11T13:34:42
Updated: 2024-08-04T02:27:31.869Z
Reserved: 2021-08-30T00:00:00
Link: CVE-2021-40191
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-11T14:15:07.600
Modified: 2024-11-21T06:23:45.190
Link: CVE-2021-40191
Redhat
No data.