Browse all 4 CVE security advisories affecting ZOO-Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ZOO-Project is an open-source content construction kit for Joomla that enables users to build complex forms and applications without coding. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its four recorded CVEs. The project's security challenges often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for rigorous input sanitization and secure coding practices. Users should maintain vigilance with updates and consider implementing additional security layers to mitigate potential exploitation risks.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-25284 | Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation | ZOO-Project | CWE-22 | 6.2 | - | 2025-02-18 |
| CVE-2025-25190 | [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server | ZOO-Project | CWE-79 | 6.1 | - | 2025-02-10 |
| CVE-2025-25189 | [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script | ZOO-Project | CWE-79 | 6.1 | - | 2025-02-10 |
| CVE-2024-53982 | Arbitrary file download in Zoo-Project Echo Example | ZOO-Project | CWE-434 | 9.1 | - | 2024-12-04 |
This page lists every published CVE security advisory associated with ZOO-Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.