CNNVD-202511-1982 Information

CNNVD ID

CNNVD-202511-1982

CVE-2025-63693

  • CNNVD Published: 2025-11-18

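Description (translated from Chinese)

DzzOffice is a platform from the company 大桌子 (DzzOffice) that provides an online collaborative office suite, with online documents, spreadsheets, a network drive, presentations and other features. DzzOffice 2.3.x contains a security vulnerability that stems from the comment editing template not correctly escaping user data, which may lead to cross-site scripting.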

Description (English)

DzzOffice is a platform from the DzzOffice company that provides an online collaborative office suite. It offers online documents, spreadsheets, a network drive, presentations, and similar features. DzzOffice 2.3.x contains a security vulnerability: the comment editing template does not correctly escape user data, which may result in cross-site scripting.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

大桌子 (DzzOffice)

Published

2025-11-18

Last Modified

2026-02-24

References

  • https://github.com/Yohane-Mashiro/dzzoffice_xss
  • https://github.com/zyx0814/dzzoffice/issues/363
  • https://access.redhat.com/security/cve/cve-2025-63693

Patch

https://github.com/zyx0814/dzzoffice/releases
