Every CVE whose affected-product data names Easycorp Zentao, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2024-24216 — CVSS 9.8 (critical): Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of…
CVE-2020-28165 — CVSS 9.8 (critical): The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell…
CVE-2024-24202 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10…
CVE-2022-47745 — CVSS 8.8 (high): ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a…
CVE-2023-44827 — CVSS 8.8 (high): An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to…
CVE-2022-37700 — CVSS 7.5 (high): Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL…
CVE-2021-27556 — CVSS 7.2 (high): The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type…
CVE-2025-5114 — CVSS 6.3 (medium): A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit…
CVE-2020-21268 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment…
CVE-2020-22533 — CVSS 6.1 (medium): Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter
CVE-2021-27558 — CVSS 6.1 (medium): A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such…
CVE-2023-49394 — CVSS 6.1 (medium): Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.
CVE-2023-46475 — CVSS 5.4 (medium): A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the…
CVE-2023-44826 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.
CVE-2021-27557 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a…
CVE-2023-6439 — CVSS 3.5 (low): A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The…