Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zenario
(Tribalsystems)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-02 | CVE-2020-36608 | A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816. | Zenario | 6.1 | ||
| 2023-10-25 | CVE-2023-44769 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. | Zenario | 5.4 | ||
| 2023-10-06 | CVE-2023-44770 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. | Zenario | 5.4 | ||
| 2023-10-06 | CVE-2023-44771 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. | Zenario | 5.4 | ||
| 2023-08-28 | CVE-2023-39578 | A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. | Zenario | 4.8 | ||
| 2022-11-30 | CVE-2022-4231 | A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability. | Zenario | 5.4 | ||
| 2022-11-30 | CVE-2022-44136 | Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). | Zenario | 9.8 | ||
| 2022-11-16 | CVE-2022-44069 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. | Zenario | 5.4 | ||
| 2022-11-16 | CVE-2022-44070 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. | Zenario | 5.4 | ||
| 2022-11-16 | CVE-2022-44071 | Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. | Zenario | 5.4 |