xuetang1125/OfficeWeb365

Releases0

Internet Collected POC

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-48694 ↗	Nov 19, 2024Tuesday, 19 November 2024, 19:15	9.8 CRITICAL	—
File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component.
CVE-2024-37728 ↗	Sep 10, 2024Tuesday, 10 September 2024, 14:15	7.5 HIGH	—
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface