Zeeways ZEEPROPERTY Arbitrary File Upload and Cross Site Scripting Vulnerabilities

Zeeways ZEEPROPERTY Arbitrary File Upload and Cross Site Scripting Vulnerabilities

Zeeways ZEEPROPERTY is prone to an arbitrary-file-upload vulnerability that lets attackers upload and execute arbitrary code. The application is also prone to a cross-site scripting issue. These issues occur because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to steal cookie information, execute arbitrary client side script code in the context of browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks.

These issues affect ZEEPROPERTY 1.0; other versions may also be affected.