Unrated severityNVD Advisory· Published Nov 18, 2025· Updated Nov 19, 2025

CVE-2025-63693

Description

The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and execute arbitrary JavaScript code when the victim opens the editing pop-up.

Affected products

DzzOffice/DzzOfficedescription
Dzz/DzzOfficellm-create
Range: 2.3.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/zyx0814/dzzoffice/issues/363mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000