Zentao Authorized XSS Vulnerability (CVE-2023-46491)

ZentaoPMS Introduction

ZentaoPMS is an open-source project management and collaboration tool designed to help teams better plan, track, and complete projects. It is a professional project management platform suitable for organizations of all sizes, from small and medium-sized enterprises to large enterprises.

Vulnerability Description

ZenTao ZenTao Biz Version Library > Client" function of Zentao biz version 4.1.3, user input data was not filtered, resulting in the execution of arbitrary JavaScript code.

The payload was inserted in the client parameters and executed successfully.

The screenshot demonstrates the exploitation process, showing a proof-of-concept where a JavaScript alert is triggered.