Zenario Security Vulnerabilities


CVE-2023-44769

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from...

CVSS 5.4 | AI Score 5.2 | EPSS 0.0004

2023-10-25 06:17 PM

CVE-2023-44770

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare...

CVSS 5.4 | AI Score 5.2 | EPSS 0.0005

2023-10-06 01:15 PM

CVE-2023-44771

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page...

CVSS 5.4 | AI Score 5.2 | EPSS 0.0004

2023-10-06 01:15 PM

CVE-2023-39578

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text...

CVSS 4.8 | AI Score 4.9 | EPSS 0.0004

2023-08-28 08:15 PM

CVE-2022-44136

Zenario CMS 9.3.57186 is vulnerable to Remote Code Execution...

CVSS 9.8 | AI Score 9.6 | EPSS 0.003

2022-11-30 03:15 PM

CVE-2022-4231

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixation. The attack may be initiated remotely. The exploit has been...

CVSS 5.4 | AI Score 5.8 | EPSS 0.001

2022-11-30 12:15 PM

CVE-2022-44073

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg, Users &...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2022-11-16 04:15 PM

CVE-2022-44071

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2022-11-16 04:15 PM

CVE-2022-44069

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2022-11-16 04:15 PM

CVE-2022-44070

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2022-11-16 04:15 PM

CVE-2020-36608

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001

2022-11-02 07:15 PM

CVE-2021-41952

Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be a victim of...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001

2022-03-14 03:15 PM

CVE-2021-42171

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so...

CVSS 7.2 | AI Score 6.8 | EPSS 0.035

2022-03-14 03:15 PM

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the...

CVSS 7.2 | AI Score 6.9 | EPSS 0.001

2022-02-24 03:15 PM

CVE-2021-26830

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Plugin library - delete...

CVSS 9.1 | AI Score 9.5 | EPSS 0.002

2021-04-16 06:15 PM

CVE-2021-27672

SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML...

CVSS 4.9 | AI Score 5.5 | EPSS 0.001

2021-04-15 02:15 PM

CVE-2021-27673

Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML...

CVSS 4.8 | AI Score 5.3 | EPSS 0.003

2021-04-15 02:15 PM

CVE-2018-18420

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001

2018-10-19 10:29 PM

CVE-2018-5960

Zenario v7.1 - v7.6 has SQL injection via the Name input field of organizer.php or admin_boxes.ajax.php in the Categories - Edit...

CVSS 8.8 | AI Score 9 | EPSS 0.001

2018-01-22 01:29 AM