Tribalsystems Zenario vulnerabilities
23 known vulnerabilities affecting tribalsystems/zenario.
Total CVEs: 23
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 16
Vulnerabilities
Page 1 of 2
CVE-2021-26830 | P2 | CRITICAL | CVSS 9.1 | PoC | v8.8.52729 | 2021-04-16
CVE-2021-26830 [CRITICAL] CWE-89
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Plugin library - delete` module.
Sources: GHSA, NVD, OSV
CVE-2022-44136 | P3 | CRITICAL | CVSS 9.8 | v9.3.57186 | 2022-11-30
CVE-2022-44136 [CRITICAL]
Zenario CMS 9.3.57186 is vulnerable to Remote Code Execution (RCE).
Sources: GHSA, NVD, OSV
CVE-2024-34461 | P3 | CRITICAL | affected ≥ 0, < 9.5.60437 | 2024-05-04
CVE-2024-34461 [CRITICAL] CWE-94: Zenario uses Twig filters insecurely in the Twig Snippet plugin
Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.
Sources: GHSA, OSV
CVE-2021-42171 | P3 | HIGH | CVSS 7.2 | v9.0.54156 | 2022-03-14
CVE-2021-42171 [HIGH] CWE-434
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web shell, which can run commands, browse system files, browse local resources, attack other servers, exploit local vulnerabilities, and so forth.
Sources: GHSA, NVD, OSV
CVE-2018-5960 | P3 | HIGH | CVSS 8.8 | v7.1, v7.2, +4 more | 2018-01-22
CVE-2018-5960 [HIGH] CWE-89
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
Sources: GHSA, NVD, OSV
CVE-2022-23043 | P3 | HIGH | CVSS 7.2 | v9.2 | 2022-02-24
CVE-2022-23043 [HIGH] CWE-434
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' entry using the '.phar' extension. An attacker can then upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.
Sources: GHSA, NVD, OSV
CVE-2018-18420 | P4 | HIGH | CVSS 8.8 | v8.3 | 2018-10-19
CVE-2018-18420 [HIGH] CWE-352
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
Sources: NVD
CVE-2021-27672 | P4 | MEDIUM | CVSS 4.9 | v8.8.52729 | 2021-04-15
CVE-2021-27672 [MEDIUM] CWE-89
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
Sources: GHSA, NVD, OSV
CVE-2020-36608 | P4 | MEDIUM | CVSS 6.1 | fixed in 8.7 | 2022-11-02
CVE-2020-36608 [MEDIUM] CWE-707
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea
Sources: GHSA, NVD, OSV
CVE-2022-4231 | P4 | MEDIUM | CVSS 5.4 | v9.3.57595 | 2022-11-30
CVE-2022-4231 [MEDIUM] CWE-384
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VD
Sources: GHSA, NVD, OSV
CVE-2024-34460 | P4 | MEDIUM | affected ≥ 0, < 9.5.60602 | 2024-05-04
CVE-2024-34460 [MEDIUM] CWE-79: Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting
The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)
Sources: GHSA, OSV
CVE-2023-44769 | P4 | MEDIUM | CVSS 5.4 | v9.4.59197 | 2023-10-25
CVE-2023-44769 [MEDIUM] CWE-79
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.
Sources: GHSA, NVD, OSV
CVE-2022-44071 | P4 | MEDIUM | CVSS 5.4 | v9.3.57186 | 2022-11-16
CVE-2022-44071 [MEDIUM] CWE-79
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile.
Sources: GHSA, NVD, OSV
CVE-2023-44770 | P4 | MEDIUM | CVSS 5.4 | v9.4.59197 | 2023-10-06
CVE-2023-44770 [MEDIUM] CWE-79
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.
Sources: GHSA, NVD, OSV
CVE-2023-44771 | P4 | MEDIUM | CVSS 5.4 | v9.4.59197 | 2023-10-06
CVE-2023-44771 [MEDIUM] CWE-79
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
Sources: GHSA, NVD, OSV
CVE-2022-44069 | P4 | MEDIUM | CVSS 5.4 | v9.3.57186 | 2022-11-16
CVE-2022-44069 [MEDIUM] CWE-79
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
Sources: GHSA, NVD, OSV
CVE-2022-44073 | P4 | MEDIUM | CVSS 5.4 | v9.3.57186 | 2022-11-16
CVE-2022-44073 [MEDIUM] CWE-79
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg, Users & Contacts.
Sources: GHSA, NVD, OSV
CVE-2022-44070 | P4 | MEDIUM | CVSS 5.4 | v9.3.57186 | 2022-11-16
CVE-2022-44070 [MEDIUM] CWE-79
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.
Sources: GHSA, NVD, OSV
CVE-2021-27673 | P4 | MEDIUM | CVSS 4.8 | v8.8.52729 | 2021-04-15
CVE-2021-27673 [MEDIUM] CWE-79
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
Sources: GHSA, NVD, OSV
CVE-2021-41952 | P4 | MEDIUM | CVSS 4.8 | v9.0.54156 | 2022-03-14
CVE-2021-41952 [MEDIUM] CWE-79
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload of a *.SVG file. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be a victim of XSS.
Sources: GHSA, NVD, OSV