Product
easycorp zentao
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-2552
Affected versions: <= 21.7.8
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.ph

CVE-2026-2551
Affected versions: <= 21.7.8
A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/co

CVE-2026-1884
Affected versions: <= 21.7.6
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/web

CVE-2025-13789
Affected versions: < 21.7.6
A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The

CVE-2025-13787
Affected versions: < 21.7.7
A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/contr

CVE-2025-5114
Affected versions: all versions
A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the func

CVE-2024-24216
Affected versions: >= 18.0 and <= 18.10
Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /ap

CVE-2024-24202
Affected versions: all versions
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Ma

CVE-2023-49394
Affected versions: <= 4.1.3
Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.

CVE-2023-6439
Affected versions: all versions
A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality

CVE-2023-46475
Affected versions: all versions
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field

CVE-2023-46376
Affected versions: <= 8.7
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.

CVE-2023-46375
Affected versions: <= 4.1.3
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).

CVE-2023-46491
Affected versions: <= 4.1.3
ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.

CVE-2023-46374
Affected versions: <= 4.1.3
ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).

CVE-2023-44827
Affected versions: <= 18.6
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacke

CVE-2023-44826
Affected versions: all versions
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted scrip

CVE-2020-21268
Affected versions: all versions
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComm

CVE-2020-22533
Affected versions: all versions
Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter

CVE-2022-47745
Affected versions: >= 16.4 and < 18.0
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constr

CVE-2022-37700
Affected versions: all versions
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL :

CVE-2021-27558
Affected versions: all versions
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various a

CVE-2021-27557
Affected versions: all versions
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fie

CVE-2021-27556
Affected versions: all versions
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting th

CVE-2020-28165
Affected versions: < 12.4.2
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary w

CVE-2019-14731
Affected versions: all versions
An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cooki