CVE-2022-36537 Information

Description

ZK Framework v9.6.1 9.6.0.1 9.5.1.3 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.

Reference

https://tracker.zkoss.org/browse/ZK-5150