Skip to main content

Zenario

18 CVEs product

Monthly

CVE-2024-45964 PHP MEDIUM POC This Month

Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-45960 PHP MEDIUM POC This Month

Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-44769 PHP MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-44771 PHP MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44770 PHP MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-39578 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-44136 PHP CRITICAL POC PATCH Act Now

Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zenario
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-4231 PHP MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Zenario
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44073 PHP MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44071 PHP MEDIUM POC This Month

Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44070 PHP MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44069 PHP MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-23043 PHP HIGH POC PATCH This Week

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Zenario
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-26830 PHP CRITICAL POC PATCH Act Now

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zenario
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
4.6%
CVE-2021-27673 PHP MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Zenario
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-27672 PHP MEDIUM POC PATCH This Month

SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zenario
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2018-18420 PHP HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Zenario
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-5960 PHP HIGH This Week

Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Zenario
NVD
CVSS 3.1
8.8
EPSS
0.9%
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zenario
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Zenario
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Zenario
NVD GitHub
EPSS 5% CVSS 9.1
CRITICAL POC PATCH Act Now

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zenario
NVD GitHub Exploit-DB
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS +1
NVD
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zenario
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Zenario
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Zenario
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy