Vulnerabilities
Vulnerable Software
Tribalsystems:  >> Zenario  Security Vulnerabilities
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-16
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-16
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-11-02
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-03-14
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.
CVSS Score
7.2
EPSS Score
0.171
Published
2022-03-14
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.
CVSS Score
7.2
EPSS Score
0.008
Published
2022-02-24
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
CVSS Score
9.1
EPSS Score
0.011
Published
2021-04-16
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
CVSS Score
4.9
EPSS Score
0.002
Published
2021-04-15
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-04-15
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-10-19


Contact Us

Shodan ® - All rights reserved