dzzoffice
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | Description | CVSS | Severity |
|---|---|---|---|---|
| CVE-2025-63693 | <= 2.3.7 | The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-con | 5.4 | MEDIUM |
| CVE-2025-63695 | <= 2.3.7 | DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php. | 9.8 | CRITICAL |
| CVE-2025-63694 | <= 2.3.7 | DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage. | 9.8 | CRITICAL |
| CVE-2024-41376 | all versions | dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. | 8.8 | HIGH |
| CVE-2024-29273 | all versions | There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG | 6.1 | MEDIUM |
| CVE-2023-39853 | all versions | SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and d | 6.5 | MEDIUM |
| CVE-2021-30205 | all versions | Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated atta | 5.3 | MEDIUM |
| CVE-2021-30203 | all versions | A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute | 6.1 | MEDIUM |
| CVE-2022-43340 | all versions | A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Adm | 8.8 | HIGH |
| CVE-2021-43673 | all versions | dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit fun | 6.1 | MEDIUM |
| CVE-2021-40292 | all versions | A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter. | 5.4 | MEDIUM |
| CVE-2021-40191 | all versions | Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload funct | 5.4 | MEDIUM |
| CVE-2020-19703 | all versions | A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web sc | 6.1 | MEDIUM |
| CVE-2021-3318 | <= 2.02.1 | attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. | 6.1 | MEDIUM |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin