CVE-2021-30203: dzzoffice 2.02.1_SC_UTF8 exists a XSS vulnerability · Issue #183 · zyx0814/dzzoffice
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.
Without authorization. An XSS vulnerability was discovered in dzzoffice 2.02.1_SC_UTF8.
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter.
The value of the zero parameter only needs to be URL-encoded three times to bypass the filter:
/index.php?mod=system&op=orgtree&zero=abc%25253Cscript%25253Ealert%2525281%252529%25253C%25252Fscript%25253E
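The layered encoding in the reported request can be checked for on the defensive side. The following is an added example, not part of the original issue and not dzzoffice code: it decodes each query parameter until the value stops changing, flags parameters that hid markup characters behind more than one encoding layer, and escapes the value at the HTML sink. The function names and the round cap are assumptions made for this illustration.

```python
import html
from urllib.parse import urlsplit, unquote

# Request path taken from the report above.
REPORTED = ("/index.php?mod=system&op=orgtree&zero=abc%25253Cscript%25253E"
            "alert%2525281%252529%25253C%25252Fscript%25253E")

MAX_ROUNDS = 5  # assumed cap so a crafted value cannot force unbounded decoding


def raw_params(url):
    """Split the query string without decoding, so every encoding layer is kept."""
    pairs = (p.partition("=") for p in urlsplit(url).query.split("&") if p)
    return {name: value for name, _, value in pairs}


def canonicalize(value, max_rounds=MAX_ROUNDS):
    """Percent-decode until the value stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def find_layered_markup(url):
    """Return (name, rounds, decoded) for parameters whose fully decoded form
    carries markup characters hidden behind more than one encoding layer."""
    findings = []
    for name, raw in raw_params(url).items():
        text, rounds = canonicalize(raw)
        if rounds > 1 and any(c in text for c in "<>\"'"):
            findings.append((name, rounds, text))
    return findings


def render(value):
    """Output-side control: escape at the HTML sink, whatever the input filter saw."""
    return html.escape(value, quote=True)
```

A filter that inspects the value after a single decode sees only percent sequences, which is why escaping at output is the control that holds regardless of how many layers were applied.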