CVE-2021-40191: XSS
First published: Mon Oct 11 2021(Updated: )
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dzzoffice Dzzoffice | =2.02.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Dzzoffice Version 2.02.1?
The vulnerability ID for Dzzoffice Version 2.02.1 is CVE-2021-40191.
What is the severity level of CVE-2021-40191?
The severity level of CVE-2021-40191 is medium with a severity value of 5.4.
How does CVE-2021-40191 affect Dzzoffice Version 2.02.1?
CVE-2021-40191 affects Dzzoffice Version 2.02.1 by allowing cross-site scripting (XSS) attacks due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and returning a wrong response in the content-type of output data in webroot/dzz/attach/controller.php.
Which software versions are affected by CVE-2021-40191?
CVE-2021-40191 affects Dzzoffice Version 2.02.1.
How can I fix the cross-site scripting (XSS) vulnerability in Dzzoffice Version 2.02.1?
To fix the cross-site scripting (XSS) vulnerability in Dzzoffice Version 2.02.1, it is recommended to sanitize input data at all upload functions in webroot/dzz/attach/Uploader.class.php and ensure the correct response in the content-type of output data in webroot/dzz/attach/controller.php.
- collector/nvd-index
- vendor/dzzoffice
- canonical/dzzoffice dzzoffice
- version/dzzoffice dzzoffice/2.02.1