First published: Mon Oct 11 2021(Updated: )
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) because input data is not sanitized in any of the upload functions in webroot/dzz/attach/Uploader.class.php, and because webroot/dzz/attach/controller.php returns a wrong Content-Type in the response for the output data.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Dzzoffice Dzzoffice | =2.02.1 | 
The vulnerability ID for Dzzoffice Version 2.02.1 is CVE-2021-40191. Its severity level is medium, with a severity value of 5.4.
CVE-2021-40191 affects Dzzoffice Version 2.02.1 by allowing cross-site scripting (XSS) attacks: input data is not sanitized in any of the upload functions in webroot/dzz/attach/Uploader.class.php, and webroot/dzz/attach/controller.php returns a wrong Content-Type in the response for the output data.
To fix the cross-site scripting (XSS) vulnerability in Dzzoffice Version 2.02.1, sanitize input data in all upload functions in webroot/dzz/attach/Uploader.class.php and ensure that webroot/dzz/attach/controller.php sends the correct Content-Type for its output data.
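The following PHP is an added illustration of the two mitigations named above, not Dzzoffice's own code: the upload response is sent as JSON with an explicit Content-Type, and a stored attachment is served with a server-detected type, an allowlist for inline rendering, and `X-Content-Type-Options: nosniff`. The function names, the storage layout under `$storageDir` and the allowlist of inline-safe types are assumptions for this example.

```php
<?php
// Added example (not Dzzoffice code). Function names, $storageDir and the
// INLINE_SAFE_TYPES allowlist are assumptions made for this illustration.
declare(strict_types=1);

// Types a browser may render inline. Anything else is forced to download so
// an uploaded HTML/SVG/script file is never interpreted as a page.
const INLINE_SAFE_TYPES = [
    'image/png'       => ['png'],
    'image/jpeg'      => ['jpg', 'jpeg'],
    'image/gif'       => ['gif'],
    'application/pdf' => ['pdf'],
];

// Reduce a user-chosen file name to a conservative character set so it can
// neither break a header nor inject markup when echoed back.
function sanitize_filename(string $name): string
{
    $base = basename($name);
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', $base) ?? '';
    return $safe === '' ? 'file' : substr($safe, 0, 128);
}

// Upload result sent as JSON with the correct Content-Type, instead of an
// HTML-typed body that echoes attacker-controlled input unescaped.
function send_upload_response(array $payload, int $status = 200): void
{
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Decide Content-Type and Content-Disposition for a stored upload. The MIME
// type is detected from the file's bytes on the server; the client-supplied
// type and the user-chosen extension are never trusted on their own.
function attachment_headers(string $path, string $downloadName): array
{
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($path) ?: 'application/octet-stream';
    $safeName = sanitize_filename($downloadName);
    $ext      = strtolower(pathinfo($safeName, PATHINFO_EXTENSION));

    $inline = isset(INLINE_SAFE_TYPES[$detected])
        && in_array($ext, INLINE_SAFE_TYPES[$detected], true);

    return [
        'Content-Type'            => $inline ? $detected : 'application/octet-stream',
        'Content-Disposition'     => ($inline ? 'inline' : 'attachment')
                                     . '; filename="' . $safeName . '"',
        'X-Content-Type-Options'  => 'nosniff', // browser must not re-sniff the type
        'Content-Security-Policy' => "default-src 'none'; sandbox", // no script even if rendered
    ];
}

function serve_attachment(string $storageDir, string $storedId, string $downloadName): void
{
    // Only a plain stored identifier is accepted, which rules out path traversal.
    if (!preg_match('/^[A-Za-z0-9]{1,64}$/', $storedId)) {
        http_response_code(400);
        return;
    }
    $path = $storageDir . DIRECTORY_SEPARATOR . $storedId;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    foreach (attachment_headers($path, $downloadName) as $name => $value) {
        header($name . ': ' . $value);
    }
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

// Example wiring (assumed request shape):
// send_upload_response(['ok' => true, 'name' => sanitize_filename($_FILES['file']['name'] ?? '')]);
// serve_attachment('/var/www/uploads', $_GET['id'] ?? '', $_GET['name'] ?? 'file');
```

The detection side of the same issue is a response for an attachment endpoint whose Content-Type is `text/html` while the stored object is a user upload; the `nosniff` header and the download-by-default disposition remove the browser's ability to turn such a mismatch into script execution even when one slips through.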