Browse all 3 CVE security advisories affecting Zorlan. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Zorlan serves as a middleware component facilitating data integration between enterprise systems and third-party APIs. Historically, it has been susceptible to remote code execution vulnerabilities due to unsafe deserialization and input validation flaws, with cross-site scripting issues in its web interface. Privilege escalation vulnerabilities have also been documented in its administrative modules. The three CVEs assigned to Zorlan highlight these recurring patterns, with the most recent involving improper access controls that could allow authenticated users to execute unauthorized actions. No major public security incidents have been reported, but the consistent presence of similar vulnerabilities across versions suggests ongoing challenges in secure coding practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1799 | Zorlan SkyCaiji Tool.php previewAction server-side request forgery — SkyCaijiCWE-918 | 6.3 | Medium | 2025-03-01 |
| CVE-2025-1791 | Zorlan SkyCaiji Tool.php fileAction unrestricted upload — SkyCaijiCWE-434 | 6.3 | Medium | 2025-03-01 |
| CVE-2024-6252 | Zorlan SkyCaiji Task cross site scripting — SkyCaijiCWE-79 | 2.4 | Low | 2024-06-22 |
This page lists every published CVE security advisory associated with Zorlan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.