CVE-2021-27888

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
02/03/2021
Last modified:
09/03/2021

Description

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:* 6.05-4 (including)
cpe:2.3:a:zend:zendto:6.06-1:beta:*:*:*:*:*:*
cpe:2.3:a:zend:zendto:6.06-2:beta:*:*:*:*:*:*
cpe:2.3:a:zend:zendto:6.06-3:beta:*:*:*:*:*:*


References to Advisories, Solutions, and Tools