Vendor: Dzz
Products: 1
CVEs: 3
Across products: 3
Status: Private

Products: 1
- 3 CVEs
Recent CVEs: 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-63695 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php. |
| CVE-2025-63694 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage. |
| CVE-2025-63693 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and execute arbitrary JavaScript code when the victim opens the editing pop-up. |