First published: Wed Jan 27 2021(Updated: )
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dzzoffice Dzzoffice | <=2.02.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-3318.
The title of this vulnerability is 'attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.'
The severity of CVE-2021-3318 is medium with a severity value of 6.1.
The attacker can exploit this vulnerability by injecting malicious scripts through the 'editorid' parameter in the 'attach/ajax.php' file.
At the moment, there are no known fixes or patches available for CVE-2021-3318. It is recommended to update to a newer version of DzzOffice when a fix becomes available.