Discoverer:hh

Introduction to zentao

Product official website:https://www.zentao.net/

The zentao Enterprise Edition has expanded horizontally based on the project management process on the basis of the open source version, adding functions such as operation and maintenance management, feedback management, and OA office management to meet the online collaboration needs of more roles, forming a closed-loop management system. The Enterprise Edition is more adaptable to the personalized needs of enterprises, adding functions such as custom workflows, custom large screens, custom pivot tables, custom charts, and AI prompt designers, providing more comprehensive support for enterprise project management. In terms of service, the Enterprise Edition can provide one-on-one customer successful services such as user training, technical support, and review guidance to ensure the implementation of the system.

Vulnerability Description

Zentao Enterprise Edition ≤ 4.1.3 has an xss vulnerability that allows attackers to perform a series of xss attacks, such as stealing cookies

Recurrence of vulnerabilities

I used black box testing to identify this vulnerability,Fill in payload in the search box in the upper right corner,I got an xss!

Payload:<img src="a" onerror="alert(document.cookie)">

Untitled