{"id":"CVE-2020-21268","details":"Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.","modified":"2026-04-10T04:56:23.377820Z","published":"2023-06-20T15:15:11.167Z","references":[{"type":"REPORT","url":"https://github.com/easysoft/zentaopms/issues/40"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/easysoft/zentaopms","events":[{"introduced":"0"},{"last_affected":"a5316c566792de33baa9392a941869c245f590ac"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"11.6.4"}]}}],"versions":["zentao_11.2_build1_20190128","zentaopms_10.1_20180716","zentaopms_10.3.1_20180907","zentaopms_10.3_20170809","zentaopms_10.4.stable_20180928","zentaopms_10.5.1_20181105","zentaopms_10.6.stable_20181120","zentaopms_11.0.stable_20181221","zentaopms_11.1.stable_20190104","zentaopms_11.4.stable_20190325","zentaopms_11.5.stable_20190508","zentaopms_11.6.0.beta1_20190705","zentaopms_11.6.1_20190823","zentaopms_11.6.2_20190906","zentaopms_11.6.3_20190924","zentaopms_11.6.4_20191017","zentaopms_4.3.beta_20130805","zentaopms_5.0.beta1_20130809","zentaopms_6.0.beta1_20140503","zentaopms_6.0.stable_20140625","zentaopms_6.1.stable_20140805","zentaopms_6.1.stable_20140806","zentaopms_6.2.stable_20140827","zentaopms_6.3.stable_20141107","zentaopms_6.4.stable_20141223","zentaopms_7.0.stable_20150206","zentaopms_7.1.stable_20150317","zentaopms_7.2.4_20150703","zentaopms_7.2.5_20150807","zentaopms_7.2.stable_20150525","zentaopms_7.3.stable_20150918","zentaopms_8.0.1_20151224","zentaopms_8.0.stable_20151127","zentaopms_8.1.3_20160323","zentaopms_8.1.stable_20160315","zentaopms_8.2.1_20160524","zentaopms_8.2.2_20160608","zentaopms_8.2.3_20160624","zentaopms_8.2.4_20160628","zentaopms_8.2.5_20160805","zentaopms_8.2.6_20160913","zentaopms_8.2.beta_20160504","zentaopms_8.2.stable_20160517","zentaopms_8.3.4_20160628","zentaopms_8.3.stable_20161109","zentaopms_8.4.1_20161212","zentaopms_8.4.stable_20161206","zentaopms_9.0.1_20170215","zentaopms_9.0.stable_20170117","zentaopms_9.1.1_20170410","zentaopms_9.1.2_20170419","zentaopms_9.2.1_20170522","zentaopms_9.2.stable_20170516","zentaopms_9.3.beta_20170627","zentaopms_9.4_20170726","zentaopms_9.5.1_20170927","zentaopms_9.6.1_20171113","zentaopms_9.6_20171106"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21268.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}