CVE-2024-45964
- EPSS 0.06%
- Veröffentlicht 02.10.2024 20:15:11
- Zuletzt bearbeitet 03.07.2025 14:29:38
Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.
CVE-2024-45960
- EPSS 0.13%
- Veröffentlicht 02.10.2024 20:15:11
- Zuletzt bearbeitet 03.07.2025 14:30:23
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
CVE-2024-34461
- EPSS 0.13%
- Veröffentlicht 04.05.2024 05:15:06
- Zuletzt bearbeitet 29.03.2025 00:15:22
Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.
CVE-2023-44769
- EPSS 0.77%
- Veröffentlicht 25.10.2023 18:17:32
- Zuletzt bearbeitet 21.11.2024 08:26:01
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.
CVE-2023-44771
- EPSS 0.22%
- Veröffentlicht 06.10.2023 13:15:13
- Zuletzt bearbeitet 21.11.2024 08:26:02
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
CVE-2023-44770
- EPSS 0.22%
- Veröffentlicht 06.10.2023 13:15:13
- Zuletzt bearbeitet 21.11.2024 08:26:02
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.
CVE-2023-39578
- EPSS 1.43%
- Veröffentlicht 28.08.2023 20:15:08
- Zuletzt bearbeitet 21.11.2024 08:15:40
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.
CVE-2022-44136
- EPSS 0.86%
- Veröffentlicht 30.11.2022 15:15:10
- Zuletzt bearbeitet 24.04.2025 21:15:19
Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).
CVE-2022-4231
- EPSS 0.2%
- Veröffentlicht 30.11.2022 12:15:10
- Zuletzt bearbeitet 21.11.2024 07:34:50
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may...
CVE-2022-44071
- EPSS 0.21%
- Veröffentlicht 16.11.2022 16:15:11
- Zuletzt bearbeitet 30.04.2025 16:15:31
Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile.