CVE-2023-46475 Information

Description

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project and in the name field of the project they can inject malicious JavaScript code.

Reference

https://github.com/elementalSec/CVE-Disclosures/blob/main/ZentaoPMS/CVE-2023-46475/CVE-2023-46475%20-%20Cross-Site%20Scripting%20(Stored).md https://github.com/easysoft/zentaopms