Angus Strom

**Name of the Vulnerable Software and Affected Versions** EasyCorp ZenTao version 12.5.3 **Description** The issue allows remote attackers with admin access to execute arbitrary code by setting the `type` parameter to `System` in the Cron job tab. **Recommendations** For EasyCorp ZenTao version 12.5.3, consider restricting access to the Cron job tab to prevent exploitation, and avoid setting the `type` parameter to `System` until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyCorp ZenTao version 12.5.3 **Description** A cross-site request forgery (CSRF) vulnerability in the Cron job tab allows attackers to update the fields of a Cron job. **Recommendations** For EasyCorp ZenTao version 12.5.3, consider disabling access to the Cron job tab until a patch is available to prevent exploitation of the CSRF vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyCorp ZenTao version 12.5.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web script via various areas, such as `data-link-creator`. This enables attackers to potentially steal user data or take control of user sessions. **Recommendations** For EasyCorp ZenTao version 12.5.3, consider restricting access to the `data-link-creator` area until a patch is available. As a temporary workaround, avoid using the `data-link-creator` feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.