CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-41952

Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.3%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/1
https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/1

Products affected by CVE-2021-41952

Tribalsystems » Zenario » Version: 9.0.54156

cpe:2.3:a:tribalsystems:zenario:9.0.54156

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41952

Products

Pricing

Contact Us