CVE-2021-40292: XSS
First published: Tue Oct 12 2021(Updated: )
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dzzoffice Dzzoffice | =2.02.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-40292?
The severity of CVE-2021-40292 is medium, with a severity value of 5.4.
How does the Stored Cross Site Scripting (XSS) vulnerability in DzzOffice 2.02.1 via the settingnew parameter work?
The vulnerability allows an attacker to inject malicious scripts into a web application, which will be executed by other users viewing the affected page.
Is DzzOffice 2.02.1 the only affected version?
Yes, DzzOffice version 2.02.1 is the only version affected by this vulnerability.
How can I fix the Stored Cross Site Scripting (XSS) vulnerability in DzzOffice 2.02.1?
Update to a patched version of DzzOffice that has addressed the vulnerability.
Where can I find more information about CVE-2021-40292?
You can find more information about CVE-2021-40292 in the GitHub issue: https://github.com/zyx0814/dzzoffice/issues/195
- collector/nvd-index
- vendor/dzzoffice
- canonical/dzzoffice dzzoffice
- version/dzzoffice dzzoffice/2.02.1