Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zenario
(Tribalsystems)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-16 | CVE-2022-44069 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. | Zenario | 5.4 | ||
| 2022-11-16 | CVE-2022-44070 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. | Zenario | 5.4 | ||
| 2022-11-16 | CVE-2022-44071 | Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. | Zenario | 5.4 | ||
| 2022-11-16 | CVE-2022-44073 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. | Zenario | 5.4 | ||
| 2021-04-15 | CVE-2021-27672 | SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component. | Zenario | 4.9 | ||
| 2021-04-15 | CVE-2021-27673 | Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component. | Zenario | 4.8 | ||
| 2021-04-16 | CVE-2021-26830 | SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module. | Zenario | 9.1 | ||
| 2022-02-24 | CVE-2022-23043 | Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server. | Zenario | 7.2 | ||
| 2022-03-14 | CVE-2021-41952 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS. | Zenario | 4.8 | ||
| 2022-03-14 | CVE-2021-42171 | Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. | Zenario | 7.2 |