ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
CVSS
7.5
HIGH
Published
Aug 26, 2022
Loading
Vendor coverage
Track published CVEs, severity trends, and remediation context for zkoss products.
Search results
Showing 1-2 of 2 vulnerabilities.
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
CVSS
7.5
HIGH
Published
Aug 26, 2022
Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS
4.3
UNKNOWN
Published
Nov 20, 2013