Security Advisory

CVE-2025-63693

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-18 00:00:00
Last updated 2025-11-19 14:41:00
Assigner mitre
State PUBLISHED

Description

The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and execute arbitrary JavaScript code when the victim opens the editing pop-up.