PT-2021-23902 · Dzzoffice · Dzzoffice

Enferaso · Published 2021-12-03 · Updated 2021-12-10 · CVE-2021-43673

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: dzzoffice version 2.02.1 SC UTF8
Description: A Cross Site Scripting (XSS) vulnerability exists in the explorerfile.php file. The affected output is the value passed to the exit function, which is printed for the user via exit(json_encode($return)).
Recommendations: For dzzoffice version 2.02.1 SC UTF8, consider restricting access to the explorerfile.php file to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the exit function with user-input data in the affected file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
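
The output pattern named in the description, next to a hardened form, as an added example that is not Dzzoffice source code. It assumes the response is served with PHP's default `text/html` content type; the function names `respond_unsafe` and `respond_json` and the sample value are constructed for illustration.

```php
<?php
// Added illustration, not Dzzoffice source. Function names and the sample
// value are constructed; the text/html default is an assumption about how
// the affected response is served.

// Pattern from the description: the array is encoded and handed to exit().
// With no Content-Type header PHP falls back to default_mimetype (text/html),
// and json_encode() leaves '<' and '>' intact by default, so a browser that
// loads the response directly parses any markup inside a string value.
function respond_unsafe(array $return): string
{
    return json_encode($return);
}

// Hardened form: hex-escape HTML-significant characters inside JSON strings
// and declare the body as JSON so it is never rendered as a document.
function respond_json(array $return): string
{
    if (!headers_sent()) {
        header('Content-Type: application/json; charset=utf-8');
        header('X-Content-Type-Options: nosniff');
    }
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $body = json_encode($return, $flags);
    if ($body === false) {          // e.g. invalid UTF-8 in the input
        http_response_code(500);
        return '{"error":"encoding failed"}';
    }
    return $body;
}

// Constructed sample: a request-derived value carrying markup.
$return = ['msg' => 'folder <b>name</b> & "more"'];

$unsafe = respond_unsafe($return);
$safe   = respond_json($return);

// Compare the two wire forms: does a literal '<' reach the client?
var_dump(strpos($unsafe, '<') !== false);
var_dump(strpos($safe, '<') !== false);
// The escaped form still decodes to the original data for JSON clients.
var_dump(json_decode($safe, true) === $return);

exit($safe);
```

The hex-escaping flags change only the wire representation, so existing JSON clients of the endpoint keep receiving the same decoded values.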

Exploit

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-43673

Affected Products

Dzzoffice