CVE-2021-3318: XSS
First published: Wed Jan 27 2021(Updated: )
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dzzoffice Dzzoffice | <=2.02.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2021-3318.
What is the title of this vulnerability?
The title of this vulnerability is 'attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.'
What is the severity of CVE-2021-3318?
The severity of CVE-2021-3318 is medium with a severity value of 6.1.
How can the attacker exploit this vulnerability?
The attacker can exploit this vulnerability by injecting malicious scripts through the 'editorid' parameter in the 'attach/ajax.php' file.
Are there any known fixes or patches for this vulnerability?
At the moment, there are no known fixes or patches available for CVE-2021-3318. It is recommended to update to a newer version of DzzOffice when a fix becomes available.
- collector/nvd-index
- vendor/dzzoffice
- canonical/dzzoffice dzzoffice
- version/dzzoffice dzzoffice/2.02.1