📦 Dzzoffice

DzzOffice v2.3.7 and earlier contains a SQL injection vulnerability in the explorer/groupmanage component that allows attackers to execute arbitrary SQL commands. This affects all organizations using ...

DzzOffice v2.3.7 and earlier contains an arbitrary file upload vulnerability in the UEditor component that allows attackers to upload malicious files to the server. This affects all installations usin...

CVE-2024-41376 is a directory traversal vulnerability in dzzoffice 2.02.1 that allows attackers to access arbitrary files on the server via the user/space/about.php endpoint. This affects all organiza...

This is a cross-site scripting (XSS) vulnerability in DzzOffice 2.3.x that allows low-privilege attackers to inject malicious JavaScript into comment editing templates. When victims open the editing p...