Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DzzOffice 跨站脚本漏洞
Vulnerability Description
DzzOffice是美国IBM(DzzOffice)公司的一个可提供在线协同办公套件功能的平台。该平台可为用于提供在线文档、表格、网盘、演示等功能。 IBM dzzoffice 存在跨站脚本漏洞,该漏洞源于在 webroot/dzz/attach/Uploader.class.php 中的所有上传函数中缺乏对输入数据的清理,Dzzoffice 2.02.1 版受到跨站点脚本 (XSS) 的影响,并在 content-type 在 webroot/dzz/attach/controller.php 中输出数
CVSS Information
N/A
Vulnerability Type
N/A