Zenario

zenario

Vendor: Tribalsystems • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45964 1Tribalsystems 1Zenario Jun 17, 2026 Oct 2, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.
CVE-2024-45960 1Tribalsystems 1Zenario Jun 17, 2026 Oct 2, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack...Show more Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.Show less
CVE-2023-44769 1Tribalsystems 1Zenario Jun 17, 2026 Oct 25, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.
CVE-2023-44771 1Tribalsystems 1Zenario Jun 17, 2026 Oct 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
CVE-2023-44770 1Tribalsystems 1Zenario Jun 17, 2026 Oct 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.
CVE-2023-39578 1Tribalsystems 1Zenario Jun 17, 2026 Aug 28, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.
CVE-2022-44136 1Tribalsystems 1Zenario Jun 17, 2026 Nov 30, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).
CVE-2022-4231 1Tribalsystems 1Zenario Jun 17, 2026 Nov 30, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to ses...Show more A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.Show less
CVE-2022-44073 1Tribalsystems 1Zenario Jun 17, 2026 Nov 16, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts.
CVE-2022-44071 1Tribalsystems 1Zenario Jun 17, 2026 Nov 16, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile.
CVE-2022-44070 1Tribalsystems 1Zenario Jun 17, 2026 Nov 16, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.
CVE-2022-44069 1Tribalsystems 1Zenario Jun 17, 2026 Nov 16, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVE-2020-36608 1Tribalsystems 1Zenario Jun 17, 2026 Nov 2, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. T...Show more A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816.Show less
CVE-2021-42171 1Tribalsystems 1Zenario Jun 17, 2026 Mar 14, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and...Show more Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.Show less
CVE-2021-41952 1Tribalsystems 1Zenario Jun 17, 2026 Mar 14, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to .SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the ima...Show more Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to .SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.Show less
CVE-2022-23043 1Tribalsystems 1Zenario Jun 17, 2026 Feb 24, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the reques...Show more Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.Show less
CVE-2021-26830 1Tribalsystems 1Zenario Jun 17, 2026 Apr 16, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
CVE-2021-27673 1Tribalsystems 1Zenario Jun 17, 2026 Apr 15, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when crea...Show more Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.Show less
CVE-2021-27672 1Tribalsystems 1Zenario Jun 17, 2026 Apr 15, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when crea...Show more SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.Show less
CVE-2018-18420 1Tribalsystems 1Zenario Nov 21, 2024 Oct 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.

12 Next