Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zentao
(Easycorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-19 | CVE-2022-37700 | Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | Zentao | 7.5 | ||
| 2023-10-10 | CVE-2023-44826 | Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | Zentao | 5.4 | ||
| 2023-10-10 | CVE-2023-44827 | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | Zentao, Zentao_biz, Zentao_max | 8.8 | ||
| 2023-06-20 | CVE-2020-21268 | Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. | Zentao | 6.1 | ||
| 2023-04-04 | CVE-2020-22533 | Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter | Zentao | 6.1 | ||
| 2023-01-19 | CVE-2022-47745 | ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice. | Zentao | 8.8 | ||
| 2021-08-31 | CVE-2021-27557 | A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. | Zentao | 4.3 | ||
| 2021-08-31 | CVE-2021-27558 | A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. | Zentao | 6.1 | ||
| 2021-08-31 | CVE-2021-27556 | The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. | Zentao | 7.2 | ||
| 2021-08-12 | CVE-2020-28165 | The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function. | Zentao | 9.8 |