Zenario Security Vulnerabilities and Issues — Zenario CVE List

Lucene search

TribalsystemsZenario

6 matches found

CVE•added 2022/03/14 3:15 p.m.•86 views

CVE-2021-41952

Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.

4.8CVSS4.8AI score0.00207EPSS

CVE•added 2021/04/15 2:15 p.m.•76 views

CVE-2021-27673

Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.

4.8CVSS5.3AI score0.00228EPSS

CVE•added 2021/04/15 2:15 p.m.•62 views

CVE-2021-27672

SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.

4.9CVSS5.5AI score0.00216EPSS

CVE•added 2024/10/02 8:15 p.m.•38 views

CVE-2024-45960

Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.

4.8CVSS5.8AI score0.00051EPSS

CVE•added 2024/10/02 8:15 p.m.•38 views

CVE-2024-45964

Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.

4.8CVSS5.8AI score0.00025EPSS

CVE•added 2023/08/28 8:15 p.m.•23 views

CVE-2023-39578

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.

4.8CVSS4.9AI score0.01093EPSS