easysoft/zentaopms

easysoft/zentaopms

Releases395

Frequency2 weeks 1 day

Last Release 19 days ago

Stars1.62K

Zentao is an agile(scrum) project management system/tool, Free Upgrade Forever!

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-24216 ↗	Feb 8, 2024Thursday, 8 February 2024, 06:15	9.8 CRITICAL	—
Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.
CVE-2023-46475 ↗	Nov 2, 2023Thursday, 2 November 2023, 13:15	5.4 MEDIUM	—
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
CVE-2020-21268 ↗	Jun 20, 2023Tuesday, 20 June 2023, 15:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.
CVE-2022-47745 ↗	Jan 19, 2023Thursday, 19 January 2023, 18:15	8.8 HIGH	—
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.
CVE-2019-14731 ↗	Aug 7, 2019Wednesday, 7 August 2019, 00:15	—	3.5 LOW
An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box.