First published: Fri Dec 03 2021(Updated: )
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dzzoffice Dzzoffice | =2.02.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43673 is a Cross Site Scripting (XSS) vulnerability in dzzoffice version 2.02.1_SC_UTF8.
CVE-2021-43673 affects dzzoffice 2.02.1_SC_UTF8 by allowing an attacker to execute malicious scripts on a user's browser.
The severity level of CVE-2021-43673 is medium with a CVSS score of 6.1.
To fix the CVE-2021-43673 vulnerability, update dzzoffice to a version that includes the necessary security patches.
You can find more information about CVE-2021-43673 at the following reference: https://github.com/zyx0814/dzzoffice/issues/188