MidnightBSD

Advisories for zkoss

CVE-2013-5966 MEDIUM

Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zkoss zk_framework *
zkoss zk_framework 5.0.7.1
zkoss zk_framework 5.0.4
zkoss zk_framework 5.0.11
zkoss zk_framework 5.0.1
zkoss zk_framework 5.0.2
zkoss zk_framework 5.0.7
zkoss zk_framework 5.0.10
zkoss zk_framework 5.0.3
zkoss zk_framework 5.0.6
zkoss zk_framework 5.0.5
zkoss zk_framework 5.0.9
zkoss zk_framework 5.0.0
zkoss zk_framework 5.0.8
CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
zkoss zk_framework *