dzzoffice CVE Vulnerabilities & Metrics

Focus on dzzoffice vulnerabilities and metrics.

Last updated: 29 Jun 2025, 22:25 UTC

About dzzoffice Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dzzoffice. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total dzzoffice CVEs: 10
Earliest CVE date: 27 Jan 2021, 18:15 UTC
Latest CVE date: 22 Mar 2024, 04:15 UTC

Latest CVE reference: CVE-2024-29273

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical dzzoffice CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.99

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS dzzoffice CVEs

These are the five CVEs with the highest CVSS scores for dzzoffice, sorted by severity first and recency.

CVE-2021-43673 dzzoffice Published on 03 Dec 2021, 12:15 UTC (CVSS: 4.3)
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
CVE-2020-19703 dzzoffice Published on 26 Aug 2021, 03:15 UTC (CVSS: 4.3)
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-3318 dzzoffice Published on 27 Jan 2021, 18:15 UTC (CVSS: 4.3)
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2021-40292 dzzoffice Published on 12 Oct 2021, 18:15 UTC (CVSS: 3.5)
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
CVE-2021-40191 dzzoffice Published on 11 Oct 2021, 14:15 UTC (CVSS: 3.5)
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.

All CVEs for dzzoffice

CVE-2024-29273 dzzoffice vulnerability CVSS: 0 22 Mar 2024, 04:15 UTC

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.

CVE-2023-39853 dzzoffice vulnerability CVSS: 0 06 Jan 2024, 04:15 UTC

SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.

CVE-2021-30205 dzzoffice vulnerability CVSS: 0 27 Jun 2023, 14:15 UTC

Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.

CVE-2021-30203 dzzoffice vulnerability CVSS: 0 27 Jun 2023, 14:15 UTC

A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.

CVE-2022-43340 dzzoffice vulnerability CVSS: 0 27 Oct 2022, 20:15 UTC

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.

CVE-2021-43673 dzzoffice vulnerability CVSS: 4.3 03 Dec 2021, 12:15 UTC

dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).

CVE-2021-40292 dzzoffice vulnerability CVSS: 3.5 12 Oct 2021, 18:15 UTC

A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.

CVE-2021-40191 dzzoffice vulnerability CVSS: 3.5 11 Oct 2021, 14:15 UTC

Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.

CVE-2020-19703 dzzoffice vulnerability CVSS: 4.3 26 Aug 2021, 03:15 UTC

A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2021-3318 dzzoffice vulnerability CVSS: 4.3 27 Jan 2021, 18:15 UTC

attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.