exploitDog

CVE-2024-29273

Опубликовано: 22 мар. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.

Ссылки

https://github.com/zyx0814/dzzoffice/issues/244
Exploit
Issue Tracking
Third Party Advisory
https://github.com/zyx0814/dzzoffice/issues/244
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dzzoffice:dzzoffice:2.02.1_sc_utf8:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00091

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-35j4-3hfm-6mj2

CVSS3: 6.1

github

почти 2 года назад

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.

EPSS

Процентиль: 26%

0.00091

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79