22 vulnerabilities found for zendto by zend
CVE-2021-47667 (GCVE-0-2021-47667)
Vulnerability from cvelistv5 – Published: 2025-04-05 00:00 – Updated: 2025-04-07 16:22
Summary
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47667",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:22:22.524055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:22:26.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://projectblack.io/blog/zendto-nday-vulnerabilities/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZendTo",
"vendor": "Zend",
"versions": [
{
"lessThan": "6.10-7",
"status": "affected",
"version": "5.24-3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10-7",
"versionStartIncluding": "5.24-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-05T05:11:43.149Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://projectblack.io/blog/zendto-nday-vulnerabilities/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-47667",
"datePublished": "2025-04-05T00:00:00.000Z",
"dateReserved": "2025-04-05T00:00:00.000Z",
"dateUpdated": "2025-04-07T16:22:26.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32352 (GCVE-0-2025-32352)
Vulnerability from cvelistv5 – Published: 2025-04-05 00:00 – Updated: 2025-04-07 16:21
Summary
A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt.
Severity ?
4.8 (Medium)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32352",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:21:42.742196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:21:46.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://projectblack.io/blog/zendto-nday-vulnerabilities/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZendTo",
"vendor": "Zend",
"versions": [
{
"lessThan": "5.04-7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.04-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-05T05:14:40.030Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://projectblack.io/blog/zendto-nday-vulnerabilities/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32352",
"datePublished": "2025-04-05T00:00:00.000Z",
"dateReserved": "2025-04-05T00:00:00.000Z",
"dateUpdated": "2025-04-07T16:21:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27888 (GCVE-0-2021-27888)
Vulnerability from cvelistv5 – Published: 2021-03-02 00:04 – Updated: 2024-08-03 21:33
Summary
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T00:04:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27888",
"datePublished": "2021-03-02T00:04:08",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8986 (GCVE-0-2020-8986)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:12 – Updated: 2024-08-04 10:19
Summary
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-24T20:12:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8986",
"datePublished": "2020-03-24T20:12:27",
"dateReserved": "2020-02-13T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8985 (GCVE-0-2020-8985)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:12 – Updated: 2024-08-04 10:19
Summary
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-24T20:12:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8985",
"datePublished": "2020-03-24T20:12:22",
"dateReserved": "2020-02-13T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8984 (GCVE-0-2020-8984)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:12 – Updated: 2024-08-04 10:19
Summary
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jul.es/pipermail/zendto/2020-January/003845.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-24T20:12:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jul.es/pipermail/zendto/2020-January/003845.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
},
{
"name": "http://jul.es/pipermail/zendto/2020-January/003845.html",
"refsource": "MISC",
"url": "http://jul.es/pipermail/zendto/2020-January/003845.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8984",
"datePublished": "2020-03-24T20:12:07",
"dateReserved": "2020-02-13T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000841 (GCVE-0-2018-1000841)
Vulnerability from cvelistv5 – Published: 2018-12-20 15:00 – Updated: 2024-09-17 02:15
Summary
Zend.To versions prior to 5.15-1 contain a Cross Site Scripting (XSS) vulnerability in the verify.php page that can result in an attacker executing arbitrary JavaScript code in the context of the victim's browser. This attack appears to be exploitable via an HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:56.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim\u0027s browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.478148",
"DATE_REQUESTED": "2018-10-26T09:44:20",
"ID": "CVE-2018-1000841",
"REQUESTER": "lo@microlab.red",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim\u0027s browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000841",
"datePublished": "2018-12-20T15:00:00Z",
"dateReserved": "2018-12-20T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:53.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6808 (GCVE-0-2013-6808)
Vulnerability from cvelistv5 – Published: 2013-12-28 02:00 – Updated: 2024-08-06 17:46
Summary
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.packetlabs.net/cve-2013-6808/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-28T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.packetlabs.net/cve-2013-6808/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.packetlabs.net/cve-2013-6808/",
"refsource": "MISC",
"url": "https://www.packetlabs.net/cve-2013-6808/"
},
{
"name": "http://www.zend.to/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6808",
"datePublished": "2013-12-28T02:00:00",
"dateReserved": "2013-11-19T00:00:00",
"dateUpdated": "2024-08-06T17:46:23.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47667 (GCVE-0-2021-47667)
Vulnerability from nvd – Published: 2025-04-05 00:00 – Updated: 2025-04-07 16:22
Summary
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47667",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:22:22.524055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:22:26.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://projectblack.io/blog/zendto-nday-vulnerabilities/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZendTo",
"vendor": "Zend",
"versions": [
{
"lessThan": "6.10-7",
"status": "affected",
"version": "5.24-3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10-7",
"versionStartIncluding": "5.24-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-05T05:11:43.149Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://projectblack.io/blog/zendto-nday-vulnerabilities/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-47667",
"datePublished": "2025-04-05T00:00:00.000Z",
"dateReserved": "2025-04-05T00:00:00.000Z",
"dateUpdated": "2025-04-07T16:22:26.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32352 (GCVE-0-2025-32352)
Vulnerability from nvd – Published: 2025-04-05 00:00 – Updated: 2025-04-07 16:21
Summary
A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt.
Severity ?
4.8 (Medium)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32352",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:21:42.742196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:21:46.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://projectblack.io/blog/zendto-nday-vulnerabilities/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZendTo",
"vendor": "Zend",
"versions": [
{
"lessThan": "5.04-7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.04-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-05T05:14:40.030Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://projectblack.io/blog/zendto-nday-vulnerabilities/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32352",
"datePublished": "2025-04-05T00:00:00.000Z",
"dateReserved": "2025-04-05T00:00:00.000Z",
"dateUpdated": "2025-04-07T16:21:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27888 (GCVE-0-2021-27888)
Vulnerability from nvd – Published: 2021-03-02 00:04 – Updated: 2024-08-03 21:33
Summary
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T00:04:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27888",
"datePublished": "2021-03-02T00:04:08",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8986 (GCVE-0-2020-8986)
Vulnerability from nvd – Published: 2020-03-24 20:12 – Updated: 2024-08-04 10:19
Summary
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-24T20:12:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8986",
"datePublished": "2020-03-24T20:12:27",
"dateReserved": "2020-02-13T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8985 (GCVE-0-2020-8985)
Vulnerability from nvd – Published: 2020-03-24 20:12 – Updated: 2024-08-04 10:19
Summary
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://zend.to/changelog.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-24T20:12:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8985",
"datePublished": "2020-03-24T20:12:22",
"dateReserved": "2020-02-13T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8984 (GCVE-0-2020-8984)
Vulnerability from nvd – Published: 2020-03-24 20:12 – Updated: 2024-08-04 10:19
Summary
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://zend.to/changelog.php | x_refsource_MISC |
| http://jul.es/pipermail/zendto/2020-January/003845.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jul.es/pipermail/zendto/2020-January/003845.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-24T20:12:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jul.es/pipermail/zendto/2020-January/003845.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
},
{
"name": "http://jul.es/pipermail/zendto/2020-January/003845.html",
"refsource": "MISC",
"url": "http://jul.es/pipermail/zendto/2020-January/003845.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8984",
"datePublished": "2020-03-24T20:12:07",
"dateReserved": "2020-02-13T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000841 (GCVE-0-2018-1000841)
Vulnerability from nvd – Published: 2018-12-20 15:00 – Updated: 2024-09-17 02:15
Summary
Zend.To versions prior to 5.15-1 contain a cross-site scripting (XSS) vulnerability in the verify.php page that can allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser. This attack appears to be exploitable via an HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://zend.to/changelog.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:56.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim\u0027s browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.478148",
"DATE_REQUESTED": "2018-10-26T09:44:20",
"ID": "CVE-2018-1000841",
"REQUESTER": "lo@microlab.red",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim\u0027s browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000841",
"datePublished": "2018-12-20T15:00:00Z",
"dateReserved": "2018-12-20T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:53.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6808 (GCVE-0-2013-6808)
Vulnerability from nvd – Published: 2013-12-28 02:00 – Updated: 2024-08-06 17:46
Summary
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://www.packetlabs.net/cve-2013-6808/ | x_refsource_MISC |
| http://www.zend.to/changelog.php | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.packetlabs.net/cve-2013-6808/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zend.to/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-28T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.packetlabs.net/cve-2013-6808/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zend.to/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.packetlabs.net/cve-2013-6808/",
"refsource": "MISC",
"url": "https://www.packetlabs.net/cve-2013-6808/"
},
{
"name": "http://www.zend.to/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.zend.to/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6808",
"datePublished": "2013-12-28T02:00:00",
"dateReserved": "2013-11-19T00:00:00",
"dateUpdated": "2024-08-06T17:46:23.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2021-27888
Vulnerability from fkie_nvd - Published: 2021-03-02 01:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE643BC-F0D2-4213-992F-91D77B8130DD",
"versionEndIncluding": "6.05-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:6.06-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "09903718-8703-454A-B8A5-6BC8F5DCB5F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:6.06-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "113516D5-D9B8-4C56-BC57-38F0C0114A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:6.06-3:beta:*:*:*:*:*:*",
"matchCriteriaId": "60DE9A57-FF0A-41FA-9834-88B36DBE343E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters."
},
{
"lang": "es",
"value": "ZendTo versiones anteriores a 6.06-4 Beta, permite un ataque de tipo XSS durante el despliegue de una entrega en la que un nombre de archivo tiene caracteres no previstos"
}
],
"id": "CVE-2021-27888",
"lastModified": "2024-11-21T05:58:42.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-02T01:15:12.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8986
Vulnerability from fkie_nvd - Published: 2020-03-24 21:15 - Updated: 2024-11-21 05:39
Severity ?
Summary
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9E510C95-DB58-4000-A755-306D8A13A05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2E97FAC5-C21A-49FA-B97F-4F1C81E03A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EA65A67E-C0DD-477C-A3F2-D40D20875BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F74E1CB4-B3BC-48FF-A4E1-172D7FDD02BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "91A76CC3-7D8E-4CE1-AC2E-AE6ACF6E9456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF5C019-8243-462C-A632-449847A454A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "824FC1B4-2F96-43E7-B759-4C20B871AE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AF484D-2783-467F-B8F2-958ABC163984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "0070A0EA-5054-4A80-933C-30E657F20901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "62C30A2D-A079-4727-9392-F6B098AE0D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.56-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5261340-140A-468D-8042-B85AC1821977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "46E58AFE-D214-4F7E-A11D-BD7A24FD0F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "7D90BCAB-3EE1-4A53-8539-9C0B7D3684AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "85904FF2-1F6F-4EFE-BFF8-D5AB882A0C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "D185FFE0-627D-408B-B70E-D75D2707F0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF8B5D7-AE77-4887-ABC4-A7DDE2467690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "751C4F79-D60F-4EBE-8655-F10F7252754E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "F5909E32-7989-4657-BA02-961D4E30B12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E498D1A6-5D52-4689-A9C3-E1A34E87A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5C0B26-5713-47FD-BB10-D8A66FE35844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.70-2:*:*:*:*:*:*:*",
"matchCriteriaId": "854C539A-C9C6-42B8-BE34-9AD10A146B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9C6AEF-9BAD-4649-9DFA-56D58B0016AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0F031D38-06ED-409C-951E-6F193704FA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "A13F2C8D-1F1C-4B5B-B3EA-E612F3F0445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "24F9816B-8607-4EC5-ACB5-2C10B3593B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "333CB7A3-DCDD-41B8-99B9-94094ADBA244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "817089E0-B795-4155-9C9C-BBD494DD9A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F6F9D6-EDD4-4EA2-B2CB-155066FE7FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9A54C5-1AC1-4D00-9617-0B063232F19F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "69723F09-27F9-4552-AD4F-4B78A4BA7680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.94:*:*:*:*:*:*:*",
"matchCriteriaId": "18DD63D0-8A4D-4497-A208-627A62E2F28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E92086FD-7FE7-46E2-9430-87C78A0268AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84A13A-C889-4083-8441-1FE743847A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB3EF67-4D08-4DDC-B601-5D9F00464694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.03-3:*:*:*:*:*:*:*",
"matchCriteriaId": "006D7A44-8573-4FF6-BBE7-8C9518E143CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.05-2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6D16A1-2481-4B47-A0FC-2FCF3153E47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.06-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5381907E-1341-4884-BC66-40ACEEC8B101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.07-1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE0C7E6-B806-48E3-9F81-17A0929A4B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.08-4:*:*:*:*:*:*:*",
"matchCriteriaId": "F58C02DF-F24C-46CC-A096-57A24446EB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.09-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E025DC7D-5BF2-4B8D-97E3-6017C53FD82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.10-4:*:*:*:*:*:*:*",
"matchCriteriaId": "91377F42-3AE7-465C-AF97-13F5E3062A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.10-5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D84D638-9921-45CD-961E-3DBC20516767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB5D444-17B1-4A66-AC98-9C9A85355310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F369D9-56FB-41F1-8D45-3565EBA98FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-3:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD0F3-C54A-4DFB-9C72-BACE392AB30B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-4:*:*:*:*:*:*:*",
"matchCriteriaId": "289CB602-06A2-4DF7-B9DC-BAFD7FC1FEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-5:*:*:*:*:*:*:*",
"matchCriteriaId": "81C93EF8-1189-49E9-AB98-58BA79E04F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-7:*:*:*:*:*:*:*",
"matchCriteriaId": "56B8A398-4A25-4C5B-95C8-7EE48FE72406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-8:*:*:*:*:*:*:*",
"matchCriteriaId": "5E93F880-9636-4D19-9EF9-D24EF990635D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-9:*:*:*:*:*:*:*",
"matchCriteriaId": "674611D3-EAB1-45AC-BD2A-890BDE07A57E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-10:*:*:*:*:*:*:*",
"matchCriteriaId": "1620FA37-B729-43E5-B9C8-3D958EA09FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D94AE99-BBA4-47CA-973D-FB1DEE759ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-12:*:*:*:*:*:*:*",
"matchCriteriaId": "AB110DEC-24EF-403D-99A3-B1F1A8E13E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-13:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB5A87-5929-45AB-9F58-CC769ED870A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-14:*:*:*:*:*:*:*",
"matchCriteriaId": "C29073D1-B17D-4E96-8F6A-D3164B4713CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.12-5:*:*:*:*:*:*:*",
"matchCriteriaId": "E9323C16-298F-4D0D-AF66-B1949B1D79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.12-6:*:*:*:*:*:*:*",
"matchCriteriaId": "850FEDEE-0069-4D30-B3D0-92248EA2E24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.13-1:*:*:*:*:*:*:*",
"matchCriteriaId": "413B0DBE-05C2-44A5-BD33-2D9772B17D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-2:*:*:*:*:*:*:*",
"matchCriteriaId": "F77D045B-66B7-46A4-9CF1-0F4E7BABF58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-3:*:*:*:*:*:*:*",
"matchCriteriaId": "F68017AA-9F66-46A1-9D50-8C9A3A94374A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-5:*:*:*:*:*:*:*",
"matchCriteriaId": "099D0807-8BD2-4F35-9479-EDDF4CE51891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-6:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF216D1-3FAF-4526-A0E1-C64301CF6A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-7:*:*:*:*:*:*:*",
"matchCriteriaId": "A6935891-556C-4C03-BE9C-1F9A8DF700F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.25-3:*:*:*:*:*:*:*",
"matchCriteriaId": "D665C6C3-FCF5-406D-8C2F-1299BB5603DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-1:*:*:*:*:*:*:*",
"matchCriteriaId": "33B4056A-418D-4E89-B0B2-D49C1FE965DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D04D9A6-D588-4393-975D-94C1C319B16E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-4:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5B93CC-63DB-4353-B74A-685EDB9C13DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-5:*:*:*:*:*:*:*",
"matchCriteriaId": "430E2A0D-A373-445D-9F46-BEF04A7D87A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-6:*:*:*:*:*:*:*",
"matchCriteriaId": "69B503FF-B49E-4C0B-ACAC-C83BEBDD272E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-7:*:*:*:*:*:*:*",
"matchCriteriaId": "D22FE479-1DC5-47F6-8D53-3D1EEC0F171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.28-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B4CD3A-E4F7-4C8F-92A2-527F6195ECDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.28-2:*:*:*:*:*:*:*",
"matchCriteriaId": "75C68607-4DA3-4FFB-9DA0-2D113E6C3E99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.00-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7978E32-1102-41C0-9C40-9C5669358572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.00-2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BCFB48-9532-44C9-BD29-697F75CDF226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.01-5:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9A93AE-9756-495B-8DB5-81517DB4CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.02-5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DA0E72-AC39-49C2-A943-9A7560B6FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.03-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6920B83A-227A-4589-A079-D770985B57E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.04-7:*:*:*:*:*:*:*",
"matchCriteriaId": "D00D2212-C33D-4E3E-B63A-6D847AA46227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.09-13:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C3C582-C753-4C79-8C43-908CAEE4A10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E23015E-6261-4264-995F-04E717D0E45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.10-2:*:*:*:*:*:*:*",
"matchCriteriaId": "71DB7AF2-42DF-427B-8967-9DF5B4A3221B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-1:*:*:*:*:*:*:*",
"matchCriteriaId": "150EDCA8-AC17-4BB7-ACAD-E0565A6171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E16EF78-72CB-451F-9620-4A352B55686A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA77357-1521-4128-9945-F80E17C90622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A6B52D-8DD1-4F07-AB59-A3F4EF7A1CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-5:*:*:*:*:*:*:*",
"matchCriteriaId": "139F1C8D-EDB5-4A6B-BBBA-B6B5E757AA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE87246E-983B-4C57-B5F6-09FE7233314D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-3:beta:*:*:*:*:*:*",
"matchCriteriaId": "A7DBA217-6D72-4EF7-8EDC-51652DBFB337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-4:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE8A676F-A14B-438D-B29B-73E17FD5783D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-6:beta:*:*:*:*:*:*",
"matchCriteriaId": "C245AEA9-318D-4332-8C60-BAC905D2851C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "DB518734-89A0-4013-BA78-DAED57D08E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "DBFEF7A1-B8FA-4E8E-84E7-A10F62608560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.13-1:*:*:*:*:*:*:*",
"matchCriteriaId": "94EB2416-213E-411A-9C6E-EF7746BB126A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.13-2:*:*:*:*:*:*:*",
"matchCriteriaId": "0259E131-F884-4D03-B040-FF2F10618E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.14-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "1EE99612-3D07-454D-9464-12CB4871B45B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.14-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "B4A84EFD-E355-40D8-BBC5-07B6BDF2634E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.15-1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E98E206-DC52-48F3-9C7A-66AD986E2B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "11804D32-D5AB-4D1D-8AA0-C882EE3C48AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-4:beta:*:*:*:*:*:*",
"matchCriteriaId": "B9C353FE-2B25-4979-96F2-2C154DF99147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE383161-CEE6-41AA-B4B8-24C1C2E4207B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "4986D341-DE24-4D03-8F1E-0DE68F83237E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "92DA6408-1649-42C2-98F5-027F5FF744AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "CF3EE8A9-00CF-4682-93BB-80512D3B6A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFA1A19-337F-4DAD-B567-1A4B10220130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-2:*:*:*:*:*:*:*",
"matchCriteriaId": "243A496F-E854-4AE2-85A1-A0EC54CB7D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F090ECF-DBFD-460C-B61A-DFCC542649D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-4:*:*:*:*:*:*:*",
"matchCriteriaId": "90A4739E-2884-4CEF-9106-DDE1E5CF59FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "28EAB0A7-359A-401A-A319-54A4D933EBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-6:*:*:*:*:*:*:*",
"matchCriteriaId": "3107F8A6-76C7-4F14-84BB-D02DE1F0B8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.18-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "AA15FA89-A668-4829-8BBE-1C2D444503D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.18-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "65FA2100-286B-46A9-949F-6224E5487BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.19-1:production:*:*:*:*:*:*",
"matchCriteriaId": "01B43454-DD28-4433-8D01-36835F6E23EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "B522FAD0-F5ED-4C1A-8F1C-E775E0F1CE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "3EDCF613-6ACE-4122-A16E-9DB3D41AA32A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-3:beta:*:*:*:*:*:*",
"matchCriteriaId": "03445BE9-536E-4634-9FC0-649CE516D9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "B34E8184-52EA-4071-880D-8EB331659C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-6:beta:*:*:*:*:*:*",
"matchCriteriaId": "CE17A727-94D0-43A1-B533-54268F9F8EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "FA985C38-CBB7-4ABA-91C0-628B6AB0DACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "7AF6F333-912F-41DD-80DD-2308531A12ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-9:beta:*:*:*:*:*:*",
"matchCriteriaId": "7DBA6B5B-ED2C-4DBD-96D8-49E60EEFF246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.21-1:production:*:*:*:*:*:*",
"matchCriteriaId": "AA94A3F4-B8BF-4566-B534-4C48A6CB4899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.21-2:production:*:*:*:*:*:*",
"matchCriteriaId": "1B5230E9-F91C-45BA-A429-60966473903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.22-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "6B3847E9-66AA-454D-95DA-FA54E8A4B838",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests."
},
{
"lang": "es",
"value": "La biblioteca lib/NSSDropbox.php en ZendTo versiones anteriores a 5.22-2 Beta, present\u00f3 un fallo en comprobaci\u00f3n de igualdad de forma apropiada cuando se valida la cookie de sesi\u00f3n, permitiendo a un atacante conseguir acceso administrativo con una gran cantidad de peticiones."
}
],
"id": "CVE-2020-8986",
"lastModified": "2024-11-21T05:39:46.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-24T21:15:15.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8985
Vulnerability from fkie_nvd - Published: 2020-03-24 21:15 - Updated: 2024-11-21 05:39
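Severity
8.8 (High) - CVSS 3.1 base score from the NVD metrics in this record (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); the CVSS 2.0 base score is 6.8 (Medium).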
Summary
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9E510C95-DB58-4000-A755-306D8A13A05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2E97FAC5-C21A-49FA-B97F-4F1C81E03A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EA65A67E-C0DD-477C-A3F2-D40D20875BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F74E1CB4-B3BC-48FF-A4E1-172D7FDD02BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "91A76CC3-7D8E-4CE1-AC2E-AE6ACF6E9456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF5C019-8243-462C-A632-449847A454A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "824FC1B4-2F96-43E7-B759-4C20B871AE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AF484D-2783-467F-B8F2-958ABC163984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "0070A0EA-5054-4A80-933C-30E657F20901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "62C30A2D-A079-4727-9392-F6B098AE0D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.56-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5261340-140A-468D-8042-B85AC1821977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "46E58AFE-D214-4F7E-A11D-BD7A24FD0F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "7D90BCAB-3EE1-4A53-8539-9C0B7D3684AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "85904FF2-1F6F-4EFE-BFF8-D5AB882A0C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "D185FFE0-627D-408B-B70E-D75D2707F0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF8B5D7-AE77-4887-ABC4-A7DDE2467690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "751C4F79-D60F-4EBE-8655-F10F7252754E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "F5909E32-7989-4657-BA02-961D4E30B12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E498D1A6-5D52-4689-A9C3-E1A34E87A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5C0B26-5713-47FD-BB10-D8A66FE35844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.70-2:*:*:*:*:*:*:*",
"matchCriteriaId": "854C539A-C9C6-42B8-BE34-9AD10A146B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9C6AEF-9BAD-4649-9DFA-56D58B0016AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0F031D38-06ED-409C-951E-6F193704FA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "A13F2C8D-1F1C-4B5B-B3EA-E612F3F0445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "24F9816B-8607-4EC5-ACB5-2C10B3593B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "333CB7A3-DCDD-41B8-99B9-94094ADBA244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "817089E0-B795-4155-9C9C-BBD494DD9A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F6F9D6-EDD4-4EA2-B2CB-155066FE7FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9A54C5-1AC1-4D00-9617-0B063232F19F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "69723F09-27F9-4552-AD4F-4B78A4BA7680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.94:*:*:*:*:*:*:*",
"matchCriteriaId": "18DD63D0-8A4D-4497-A208-627A62E2F28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E92086FD-7FE7-46E2-9430-87C78A0268AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84A13A-C889-4083-8441-1FE743847A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB3EF67-4D08-4DDC-B601-5D9F00464694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.03-3:*:*:*:*:*:*:*",
"matchCriteriaId": "006D7A44-8573-4FF6-BBE7-8C9518E143CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.05-2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6D16A1-2481-4B47-A0FC-2FCF3153E47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.06-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5381907E-1341-4884-BC66-40ACEEC8B101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.07-1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE0C7E6-B806-48E3-9F81-17A0929A4B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.08-4:*:*:*:*:*:*:*",
"matchCriteriaId": "F58C02DF-F24C-46CC-A096-57A24446EB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.09-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E025DC7D-5BF2-4B8D-97E3-6017C53FD82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.10-4:*:*:*:*:*:*:*",
"matchCriteriaId": "91377F42-3AE7-465C-AF97-13F5E3062A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.10-5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D84D638-9921-45CD-961E-3DBC20516767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB5D444-17B1-4A66-AC98-9C9A85355310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F369D9-56FB-41F1-8D45-3565EBA98FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-3:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD0F3-C54A-4DFB-9C72-BACE392AB30B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-4:*:*:*:*:*:*:*",
"matchCriteriaId": "289CB602-06A2-4DF7-B9DC-BAFD7FC1FEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-5:*:*:*:*:*:*:*",
"matchCriteriaId": "81C93EF8-1189-49E9-AB98-58BA79E04F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-7:*:*:*:*:*:*:*",
"matchCriteriaId": "56B8A398-4A25-4C5B-95C8-7EE48FE72406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-8:*:*:*:*:*:*:*",
"matchCriteriaId": "5E93F880-9636-4D19-9EF9-D24EF990635D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-9:*:*:*:*:*:*:*",
"matchCriteriaId": "674611D3-EAB1-45AC-BD2A-890BDE07A57E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-10:*:*:*:*:*:*:*",
"matchCriteriaId": "1620FA37-B729-43E5-B9C8-3D958EA09FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D94AE99-BBA4-47CA-973D-FB1DEE759ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-12:*:*:*:*:*:*:*",
"matchCriteriaId": "AB110DEC-24EF-403D-99A3-B1F1A8E13E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-13:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB5A87-5929-45AB-9F58-CC769ED870A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-14:*:*:*:*:*:*:*",
"matchCriteriaId": "C29073D1-B17D-4E96-8F6A-D3164B4713CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.12-5:*:*:*:*:*:*:*",
"matchCriteriaId": "E9323C16-298F-4D0D-AF66-B1949B1D79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.12-6:*:*:*:*:*:*:*",
"matchCriteriaId": "850FEDEE-0069-4D30-B3D0-92248EA2E24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.13-1:*:*:*:*:*:*:*",
"matchCriteriaId": "413B0DBE-05C2-44A5-BD33-2D9772B17D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-2:*:*:*:*:*:*:*",
"matchCriteriaId": "F77D045B-66B7-46A4-9CF1-0F4E7BABF58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-3:*:*:*:*:*:*:*",
"matchCriteriaId": "F68017AA-9F66-46A1-9D50-8C9A3A94374A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-5:*:*:*:*:*:*:*",
"matchCriteriaId": "099D0807-8BD2-4F35-9479-EDDF4CE51891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-6:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF216D1-3FAF-4526-A0E1-C64301CF6A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-7:*:*:*:*:*:*:*",
"matchCriteriaId": "A6935891-556C-4C03-BE9C-1F9A8DF700F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.25-3:*:*:*:*:*:*:*",
"matchCriteriaId": "D665C6C3-FCF5-406D-8C2F-1299BB5603DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-1:*:*:*:*:*:*:*",
"matchCriteriaId": "33B4056A-418D-4E89-B0B2-D49C1FE965DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D04D9A6-D588-4393-975D-94C1C319B16E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-4:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5B93CC-63DB-4353-B74A-685EDB9C13DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-5:*:*:*:*:*:*:*",
"matchCriteriaId": "430E2A0D-A373-445D-9F46-BEF04A7D87A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-6:*:*:*:*:*:*:*",
"matchCriteriaId": "69B503FF-B49E-4C0B-ACAC-C83BEBDD272E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-7:*:*:*:*:*:*:*",
"matchCriteriaId": "D22FE479-1DC5-47F6-8D53-3D1EEC0F171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.28-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B4CD3A-E4F7-4C8F-92A2-527F6195ECDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.28-2:*:*:*:*:*:*:*",
"matchCriteriaId": "75C68607-4DA3-4FFB-9DA0-2D113E6C3E99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.00-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7978E32-1102-41C0-9C40-9C5669358572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.00-2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BCFB48-9532-44C9-BD29-697F75CDF226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.01-5:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9A93AE-9756-495B-8DB5-81517DB4CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.02-5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DA0E72-AC39-49C2-A943-9A7560B6FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.03-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6920B83A-227A-4589-A079-D770985B57E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.04-7:*:*:*:*:*:*:*",
"matchCriteriaId": "D00D2212-C33D-4E3E-B63A-6D847AA46227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.09-13:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C3C582-C753-4C79-8C43-908CAEE4A10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E23015E-6261-4264-995F-04E717D0E45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.10-2:*:*:*:*:*:*:*",
"matchCriteriaId": "71DB7AF2-42DF-427B-8967-9DF5B4A3221B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-1:*:*:*:*:*:*:*",
"matchCriteriaId": "150EDCA8-AC17-4BB7-ACAD-E0565A6171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E16EF78-72CB-451F-9620-4A352B55686A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA77357-1521-4128-9945-F80E17C90622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A6B52D-8DD1-4F07-AB59-A3F4EF7A1CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-5:*:*:*:*:*:*:*",
"matchCriteriaId": "139F1C8D-EDB5-4A6B-BBBA-B6B5E757AA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE87246E-983B-4C57-B5F6-09FE7233314D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-3:beta:*:*:*:*:*:*",
"matchCriteriaId": "A7DBA217-6D72-4EF7-8EDC-51652DBFB337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-4:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE8A676F-A14B-438D-B29B-73E17FD5783D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-6:beta:*:*:*:*:*:*",
"matchCriteriaId": "C245AEA9-318D-4332-8C60-BAC905D2851C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "DB518734-89A0-4013-BA78-DAED57D08E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "DBFEF7A1-B8FA-4E8E-84E7-A10F62608560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.13-1:*:*:*:*:*:*:*",
"matchCriteriaId": "94EB2416-213E-411A-9C6E-EF7746BB126A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.13-2:*:*:*:*:*:*:*",
"matchCriteriaId": "0259E131-F884-4D03-B040-FF2F10618E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.14-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "1EE99612-3D07-454D-9464-12CB4871B45B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.14-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "B4A84EFD-E355-40D8-BBC5-07B6BDF2634E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.15-1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E98E206-DC52-48F3-9C7A-66AD986E2B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "11804D32-D5AB-4D1D-8AA0-C882EE3C48AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-4:beta:*:*:*:*:*:*",
"matchCriteriaId": "B9C353FE-2B25-4979-96F2-2C154DF99147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE383161-CEE6-41AA-B4B8-24C1C2E4207B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "4986D341-DE24-4D03-8F1E-0DE68F83237E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "92DA6408-1649-42C2-98F5-027F5FF744AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "CF3EE8A9-00CF-4682-93BB-80512D3B6A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFA1A19-337F-4DAD-B567-1A4B10220130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-2:*:*:*:*:*:*:*",
"matchCriteriaId": "243A496F-E854-4AE2-85A1-A0EC54CB7D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F090ECF-DBFD-460C-B61A-DFCC542649D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-4:*:*:*:*:*:*:*",
"matchCriteriaId": "90A4739E-2884-4CEF-9106-DDE1E5CF59FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "28EAB0A7-359A-401A-A319-54A4D933EBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-6:*:*:*:*:*:*:*",
"matchCriteriaId": "3107F8A6-76C7-4F14-84BB-D02DE1F0B8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.18-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "AA15FA89-A668-4829-8BBE-1C2D444503D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.18-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "65FA2100-286B-46A9-949F-6224E5487BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.19-1:production:*:*:*:*:*:*",
"matchCriteriaId": "01B43454-DD28-4433-8D01-36835F6E23EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "B522FAD0-F5ED-4C1A-8F1C-E775E0F1CE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "3EDCF613-6ACE-4122-A16E-9DB3D41AA32A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-3:beta:*:*:*:*:*:*",
"matchCriteriaId": "03445BE9-536E-4634-9FC0-649CE516D9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "B34E8184-52EA-4071-880D-8EB331659C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-6:beta:*:*:*:*:*:*",
"matchCriteriaId": "CE17A727-94D0-43A1-B533-54268F9F8EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "FA985C38-CBB7-4ABA-91C0-628B6AB0DACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "7AF6F333-912F-41DD-80DD-2308531A12ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-9:beta:*:*:*:*:*:*",
"matchCriteriaId": "7DBA6B5B-ED2C-4DBD-96D8-49E60EEFF246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.21-1:production:*:*:*:*:*:*",
"matchCriteriaId": "AA94A3F4-B8BF-4566-B534-4C48A6CB4899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.21-2:production:*:*:*:*:*:*",
"matchCriteriaId": "1B5230E9-F91C-45BA-A429-60966473903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.22-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "6B3847E9-66AA-454D-95DA-FA54E8A4B838",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality."
},
{
"lang": "es",
"value": "ZendTo versiones anteriores a 5.22-2 Beta, permit\u00eda unos ataques de tipo XSS y CSRF reflejado por medio de la funcionalidad unlock user unlock.tpl."
}
],
"id": "CVE-2020-8985",
"lastModified": "2024-11-21T05:39:46.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-24T21:15:15.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8984
Vulnerability from fkie_nvd - Published: 2020-03-24 21:15 - Updated: 2024-11-21 05:39
Severity ?
Summary
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://jul.es/pipermail/zendto/2020-January/003845.html | Third Party Advisory |
| cve@mitre.org | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://jul.es/pipermail/zendto/2020-January/003845.html | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9E510C95-DB58-4000-A755-306D8A13A05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2E97FAC5-C21A-49FA-B97F-4F1C81E03A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EA65A67E-C0DD-477C-A3F2-D40D20875BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F74E1CB4-B3BC-48FF-A4E1-172D7FDD02BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "91A76CC3-7D8E-4CE1-AC2E-AE6ACF6E9456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF5C019-8243-462C-A632-449847A454A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "824FC1B4-2F96-43E7-B759-4C20B871AE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AF484D-2783-467F-B8F2-958ABC163984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "0070A0EA-5054-4A80-933C-30E657F20901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "62C30A2D-A079-4727-9392-F6B098AE0D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.56-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5261340-140A-468D-8042-B85AC1821977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "46E58AFE-D214-4F7E-A11D-BD7A24FD0F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "7D90BCAB-3EE1-4A53-8539-9C0B7D3684AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "85904FF2-1F6F-4EFE-BFF8-D5AB882A0C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "D185FFE0-627D-408B-B70E-D75D2707F0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF8B5D7-AE77-4887-ABC4-A7DDE2467690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "751C4F79-D60F-4EBE-8655-F10F7252754E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "F5909E32-7989-4657-BA02-961D4E30B12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E498D1A6-5D52-4689-A9C3-E1A34E87A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5C0B26-5713-47FD-BB10-D8A66FE35844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.70-2:*:*:*:*:*:*:*",
"matchCriteriaId": "854C539A-C9C6-42B8-BE34-9AD10A146B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9C6AEF-9BAD-4649-9DFA-56D58B0016AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0F031D38-06ED-409C-951E-6F193704FA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "A13F2C8D-1F1C-4B5B-B3EA-E612F3F0445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "24F9816B-8607-4EC5-ACB5-2C10B3593B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "333CB7A3-DCDD-41B8-99B9-94094ADBA244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "817089E0-B795-4155-9C9C-BBD494DD9A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F6F9D6-EDD4-4EA2-B2CB-155066FE7FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9A54C5-1AC1-4D00-9617-0B063232F19F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "69723F09-27F9-4552-AD4F-4B78A4BA7680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:3.94:*:*:*:*:*:*:*",
"matchCriteriaId": "18DD63D0-8A4D-4497-A208-627A62E2F28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E92086FD-7FE7-46E2-9430-87C78A0268AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84A13A-C889-4083-8441-1FE743847A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB3EF67-4D08-4DDC-B601-5D9F00464694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.03-3:*:*:*:*:*:*:*",
"matchCriteriaId": "006D7A44-8573-4FF6-BBE7-8C9518E143CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.05-2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6D16A1-2481-4B47-A0FC-2FCF3153E47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.06-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5381907E-1341-4884-BC66-40ACEEC8B101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.07-1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE0C7E6-B806-48E3-9F81-17A0929A4B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.08-4:*:*:*:*:*:*:*",
"matchCriteriaId": "F58C02DF-F24C-46CC-A096-57A24446EB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.09-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E025DC7D-5BF2-4B8D-97E3-6017C53FD82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.10-4:*:*:*:*:*:*:*",
"matchCriteriaId": "91377F42-3AE7-465C-AF97-13F5E3062A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.10-5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D84D638-9921-45CD-961E-3DBC20516767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB5D444-17B1-4A66-AC98-9C9A85355310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F369D9-56FB-41F1-8D45-3565EBA98FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-3:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD0F3-C54A-4DFB-9C72-BACE392AB30B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-4:*:*:*:*:*:*:*",
"matchCriteriaId": "289CB602-06A2-4DF7-B9DC-BAFD7FC1FEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-5:*:*:*:*:*:*:*",
"matchCriteriaId": "81C93EF8-1189-49E9-AB98-58BA79E04F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-7:*:*:*:*:*:*:*",
"matchCriteriaId": "56B8A398-4A25-4C5B-95C8-7EE48FE72406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-8:*:*:*:*:*:*:*",
"matchCriteriaId": "5E93F880-9636-4D19-9EF9-D24EF990635D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-9:*:*:*:*:*:*:*",
"matchCriteriaId": "674611D3-EAB1-45AC-BD2A-890BDE07A57E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-10:*:*:*:*:*:*:*",
"matchCriteriaId": "1620FA37-B729-43E5-B9C8-3D958EA09FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D94AE99-BBA4-47CA-973D-FB1DEE759ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-12:*:*:*:*:*:*:*",
"matchCriteriaId": "AB110DEC-24EF-403D-99A3-B1F1A8E13E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-13:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB5A87-5929-45AB-9F58-CC769ED870A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-14:*:*:*:*:*:*:*",
"matchCriteriaId": "C29073D1-B17D-4E96-8F6A-D3164B4713CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.12-5:*:*:*:*:*:*:*",
"matchCriteriaId": "E9323C16-298F-4D0D-AF66-B1949B1D79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.12-6:*:*:*:*:*:*:*",
"matchCriteriaId": "850FEDEE-0069-4D30-B3D0-92248EA2E24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.13-1:*:*:*:*:*:*:*",
"matchCriteriaId": "413B0DBE-05C2-44A5-BD33-2D9772B17D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-2:*:*:*:*:*:*:*",
"matchCriteriaId": "F77D045B-66B7-46A4-9CF1-0F4E7BABF58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-3:*:*:*:*:*:*:*",
"matchCriteriaId": "F68017AA-9F66-46A1-9D50-8C9A3A94374A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-5:*:*:*:*:*:*:*",
"matchCriteriaId": "099D0807-8BD2-4F35-9479-EDDF4CE51891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-6:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF216D1-3FAF-4526-A0E1-C64301CF6A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.20-7:*:*:*:*:*:*:*",
"matchCriteriaId": "A6935891-556C-4C03-BE9C-1F9A8DF700F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.25-3:*:*:*:*:*:*:*",
"matchCriteriaId": "D665C6C3-FCF5-406D-8C2F-1299BB5603DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-1:*:*:*:*:*:*:*",
"matchCriteriaId": "33B4056A-418D-4E89-B0B2-D49C1FE965DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D04D9A6-D588-4393-975D-94C1C319B16E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-4:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5B93CC-63DB-4353-B74A-685EDB9C13DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-5:*:*:*:*:*:*:*",
"matchCriteriaId": "430E2A0D-A373-445D-9F46-BEF04A7D87A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-6:*:*:*:*:*:*:*",
"matchCriteriaId": "69B503FF-B49E-4C0B-ACAC-C83BEBDD272E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.27-7:*:*:*:*:*:*:*",
"matchCriteriaId": "D22FE479-1DC5-47F6-8D53-3D1EEC0F171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.28-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B4CD3A-E4F7-4C8F-92A2-527F6195ECDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.28-2:*:*:*:*:*:*:*",
"matchCriteriaId": "75C68607-4DA3-4FFB-9DA0-2D113E6C3E99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.00-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7978E32-1102-41C0-9C40-9C5669358572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.00-2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BCFB48-9532-44C9-BD29-697F75CDF226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.01-5:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9A93AE-9756-495B-8DB5-81517DB4CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.02-5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DA0E72-AC39-49C2-A943-9A7560B6FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.03-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6920B83A-227A-4589-A079-D770985B57E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.04-7:*:*:*:*:*:*:*",
"matchCriteriaId": "D00D2212-C33D-4E3E-B63A-6D847AA46227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.09-13:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C3C582-C753-4C79-8C43-908CAEE4A10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E23015E-6261-4264-995F-04E717D0E45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.10-2:*:*:*:*:*:*:*",
"matchCriteriaId": "71DB7AF2-42DF-427B-8967-9DF5B4A3221B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-1:*:*:*:*:*:*:*",
"matchCriteriaId": "150EDCA8-AC17-4BB7-ACAD-E0565A6171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E16EF78-72CB-451F-9620-4A352B55686A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA77357-1521-4128-9945-F80E17C90622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A6B52D-8DD1-4F07-AB59-A3F4EF7A1CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-5:*:*:*:*:*:*:*",
"matchCriteriaId": "139F1C8D-EDB5-4A6B-BBBA-B6B5E757AA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.11-6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE87246E-983B-4C57-B5F6-09FE7233314D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-3:beta:*:*:*:*:*:*",
"matchCriteriaId": "A7DBA217-6D72-4EF7-8EDC-51652DBFB337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-4:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE8A676F-A14B-438D-B29B-73E17FD5783D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-6:beta:*:*:*:*:*:*",
"matchCriteriaId": "C245AEA9-318D-4332-8C60-BAC905D2851C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "DB518734-89A0-4013-BA78-DAED57D08E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.12-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "DBFEF7A1-B8FA-4E8E-84E7-A10F62608560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.13-1:*:*:*:*:*:*:*",
"matchCriteriaId": "94EB2416-213E-411A-9C6E-EF7746BB126A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.13-2:*:*:*:*:*:*:*",
"matchCriteriaId": "0259E131-F884-4D03-B040-FF2F10618E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.14-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "1EE99612-3D07-454D-9464-12CB4871B45B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.14-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "B4A84EFD-E355-40D8-BBC5-07B6BDF2634E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.15-1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E98E206-DC52-48F3-9C7A-66AD986E2B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "11804D32-D5AB-4D1D-8AA0-C882EE3C48AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-4:beta:*:*:*:*:*:*",
"matchCriteriaId": "B9C353FE-2B25-4979-96F2-2C154DF99147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE383161-CEE6-41AA-B4B8-24C1C2E4207B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "4986D341-DE24-4D03-8F1E-0DE68F83237E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "92DA6408-1649-42C2-98F5-027F5FF744AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.16.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "CF3EE8A9-00CF-4682-93BB-80512D3B6A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFA1A19-337F-4DAD-B567-1A4B10220130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-2:*:*:*:*:*:*:*",
"matchCriteriaId": "243A496F-E854-4AE2-85A1-A0EC54CB7D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F090ECF-DBFD-460C-B61A-DFCC542649D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-4:*:*:*:*:*:*:*",
"matchCriteriaId": "90A4739E-2884-4CEF-9106-DDE1E5CF59FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "28EAB0A7-359A-401A-A319-54A4D933EBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.17-6:*:*:*:*:*:*:*",
"matchCriteriaId": "3107F8A6-76C7-4F14-84BB-D02DE1F0B8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.18-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "AA15FA89-A668-4829-8BBE-1C2D444503D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.18-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "65FA2100-286B-46A9-949F-6224E5487BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.19-1:production:*:*:*:*:*:*",
"matchCriteriaId": "01B43454-DD28-4433-8D01-36835F6E23EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "B522FAD0-F5ED-4C1A-8F1C-E775E0F1CE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-2:beta:*:*:*:*:*:*",
"matchCriteriaId": "3EDCF613-6ACE-4122-A16E-9DB3D41AA32A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-3:beta:*:*:*:*:*:*",
"matchCriteriaId": "03445BE9-536E-4634-9FC0-649CE516D9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-5:beta:*:*:*:*:*:*",
"matchCriteriaId": "B34E8184-52EA-4071-880D-8EB331659C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-6:beta:*:*:*:*:*:*",
"matchCriteriaId": "CE17A727-94D0-43A1-B533-54268F9F8EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-7:beta:*:*:*:*:*:*",
"matchCriteriaId": "FA985C38-CBB7-4ABA-91C0-628B6AB0DACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-8:beta:*:*:*:*:*:*",
"matchCriteriaId": "7AF6F333-912F-41DD-80DD-2308531A12ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.20-9:beta:*:*:*:*:*:*",
"matchCriteriaId": "7DBA6B5B-ED2C-4DBD-96D8-49E60EEFF246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.21-1:production:*:*:*:*:*:*",
"matchCriteriaId": "AA94A3F4-B8BF-4566-B534-4C48A6CB4899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.21-2:production:*:*:*:*:*:*",
"matchCriteriaId": "1B5230E9-F91C-45BA-A429-60966473903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:5.22-1:beta:*:*:*:*:*:*",
"matchCriteriaId": "6B3847E9-66AA-454D-95DA-FA54E8A4B838",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header."
},
{
"lang": "es",
"value": "En la biblioteca lib/NSSDropbox.php en ZendTo versiones anteriores a 5.22-2 Beta, permiti\u00f3 la suplantaci\u00f3n de direcciones IP por medio del encabezado X-Forwarded-For."
}
],
"id": "CVE-2020-8984",
"lastModified": "2024-11-21T05:39:46.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-24T21:15:15.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://jul.es/pipermail/zendto/2020-January/003845.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jul.es/pipermail/zendto/2020-January/003845.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1000841
Vulnerability from fkie_nvd - Published: 2018-12-20 15:29 - Updated: 2024-11-21 03:40
Severity ?
Summary
Zend.To versions prior to 5.15-1 contain a cross-site scripting (XSS) vulnerability in the verify.php page that can allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser. This attack appears to be exploitable via an HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://zend.to/changelog.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zend.to/changelog.php | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2C007B-7AF2-4130-9343-E38DEE8DB6B9",
"versionEndExcluding": "5.15-1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim\u0027s browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta."
},
{
"lang": "es",
"value": "Zend.To, en versiones anteriores a la 5.15-1, contiene una vulnerabilidad Cross Site Scripting (XSS) en la p\u00e1gina verify.php que puede resultar en que un atacante podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el contexto del navegador de la v\u00edctima. Este ataque parece ser explotable mediante una petici\u00f3n HTTP POST. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 5.16-1 Beta."
}
],
"id": "CVE-2018-1000841",
"lastModified": "2024-11-21T03:40:28.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T15:29:01.923",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://zend.to/changelog.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6808
Vulnerability from fkie_nvd - Published: 2013-12-28 04:53 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zend | zendto | * | |
| zend | zendto | 4.00 | |
| zend | zendto | 4.01 | |
| zend | zendto | 4.02 | |
| zend | zendto | 4.03-3 | |
| zend | zendto | 4.05-2 | |
| zend | zendto | 4.06-2 | |
| zend | zendto | 4.07-1 | |
| zend | zendto | 4.08-4 | |
| zend | zendto | 4.09-1 | |
| zend | zendto | 4.10-4 | |
| zend | zendto | 4.10-5 | |
| zend | zendto | 4.11-1 | |
| zend | zendto | 4.11-2 | |
| zend | zendto | 4.11-3 | |
| zend | zendto | 4.11-4 | |
| zend | zendto | 4.11-5 | |
| zend | zendto | 4.11-7 | |
| zend | zendto | 4.11-8 | |
| zend | zendto | 4.11-9 | |
| zend | zendto | 4.11-10 | |
| zend | zendto | 4.11-11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E53876E-C0FC-4211-8AEC-3FE1575EC11B",
"versionEndIncluding": "4.11-12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E92086FD-7FE7-46E2-9430-87C78A0268AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84A13A-C889-4083-8441-1FE743847A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB3EF67-4D08-4DDC-B601-5D9F00464694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.03-3:*:*:*:*:*:*:*",
"matchCriteriaId": "006D7A44-8573-4FF6-BBE7-8C9518E143CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.05-2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6D16A1-2481-4B47-A0FC-2FCF3153E47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.06-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5381907E-1341-4884-BC66-40ACEEC8B101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.07-1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE0C7E6-B806-48E3-9F81-17A0929A4B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.08-4:*:*:*:*:*:*:*",
"matchCriteriaId": "F58C02DF-F24C-46CC-A096-57A24446EB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.09-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E025DC7D-5BF2-4B8D-97E3-6017C53FD82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.10-4:*:*:*:*:*:*:*",
"matchCriteriaId": "91377F42-3AE7-465C-AF97-13F5E3062A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.10-5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D84D638-9921-45CD-961E-3DBC20516767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB5D444-17B1-4A66-AC98-9C9A85355310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F369D9-56FB-41F1-8D45-3565EBA98FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-3:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAD0F3-C54A-4DFB-9C72-BACE392AB30B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-4:*:*:*:*:*:*:*",
"matchCriteriaId": "289CB602-06A2-4DF7-B9DC-BAFD7FC1FEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-5:*:*:*:*:*:*:*",
"matchCriteriaId": "81C93EF8-1189-49E9-AB98-58BA79E04F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-7:*:*:*:*:*:*:*",
"matchCriteriaId": "56B8A398-4A25-4C5B-95C8-7EE48FE72406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-8:*:*:*:*:*:*:*",
"matchCriteriaId": "5E93F880-9636-4D19-9EF9-D24EF990635D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-9:*:*:*:*:*:*:*",
"matchCriteriaId": "674611D3-EAB1-45AC-BD2A-890BDE07A57E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-10:*:*:*:*:*:*:*",
"matchCriteriaId": "1620FA37-B729-43E5-B9C8-3D958EA09FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zend:zendto:4.11-11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D94AE99-BBA4-47CA-973D-FB1DEE759ACB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php."
},
{
"lang": "es",
"value": "Cross-site scripting (XSS) en lib/NSSDropoff.php en ZendTo anterior a 4.11-13, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un campo emailAddr modificado en pickup.php."
}
],
"id": "CVE-2013-6808",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-28T04:53:06.617",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.zend.to/changelog.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.packetlabs.net/cve-2013-6808/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zend.to/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.packetlabs.net/cve-2013-6808/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}