CVE-2024-29273

Name of the Vulnerable Software and Affected Versions dzzoffice version 2.02.1 SC UTF8

Description There is Stored Cross-Site Scripting (XSS) in the uploadfile to "index.php", with the XSS payload in an SVG document.

Recommendations For dzzoffice version 2.02.1 SC UTF8, consider disabling the upload of SVG documents to "index.php" until a patch is available. Restrict access to the uploadfile feature to minimize the risk of exploitation. Avoid using the vulnerable upload functionality in "index.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.