Every CVE whose affected-product data names Zend Zendto, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-8986 — CVSS 9.8 (critical): lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an…
CVE-2020-8985 — CVSS 8.8 (high): ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
CVE-2020-8984 — CVSS 7.5 (high): lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.
CVE-2018-1000841 — CVSS 6.1 (medium): Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker…
CVE-2021-27888 — CVSS 6.1 (medium): ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
CVE-2013-6808 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web…