tribalsystems/zenario
Packagist22 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tribalsystems/zenariopage 1 of 1
- CVE-2018-18420HIGHCVSS 8.8EG 8.82018-10-19
vulnerable: 42085 ... 9.5.60437 (86 versions)
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
- CVE-2018-5960HIGHCVSS 8.8EG 8.82018-01-22
vulnerable: 7.5.40440 ... 7.5.47180 (7 versions)
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
- CVE-2020-36608LOWCVSS 3.5EG 3.5✓ Fixed in 8.5.513402022-11-02
vulnerable: 7.5.40440 ... 8.5.50837 (49 versions)
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation lea…
- CVE-2021-26830CRITICALCVSS 9.1EG 9.1✓ Fixed in 8.8.533702021-04-16
vulnerable: 7.5.40440 ... 8.8 (53 versions)
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
- CVE-2021-27672MEDIUMCVSS 4.9EG 4.9✓ Fixed in 8.8.533702021-04-15
vulnerable: 7.5.40440 ... 8.8 (53 versions)
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML com…
- CVE-2021-27673MEDIUMCVSS 4.8EG 4.8✓ Fixed in 8.8.533702021-04-15
vulnerable: 7.5.40440 ... 8.8 (53 versions)
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML com…
- CVE-2021-41952MEDIUMCVSS 4.8EG 4.8✓ Fixed in 9.0.551432022-03-14
vulnerable: 7.5.40440 ... 9.0.55141 (62 versions)
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can…
- CVE-2021-42171HIGHCVSS 7.2EG 7.2✓ Fixed in 9.0.551432022-03-14
vulnerable: 7.5.40440 ... 9.0.55141 (62 versions)
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local v…
- CVE-2022-23043HIGHCVSS 7.2EG 7.2✓ Fixed in 9.2.558262022-02-24
vulnerable: 7.5.40440 ... 9.2 (68 versions)
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the ex…
- CVE-2022-4231MEDIUMCVSS 4.2EG 5.42022-11-30
vulnerable: 7.5.40440 ... 9.3.57595 (74 versions)
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The…
- CVE-2022-44069MEDIUMCVSS 5.4EG 5.42022-11-16
vulnerable: 7.5.40440 ... 9.3.57186 (72 versions)
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
- CVE-2022-44070MEDIUMCVSS 5.4EG 5.42022-11-16
vulnerable: 7.5.40440 ... 9.3.57186 (72 versions)
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.
- CVE-2022-44071MEDIUMCVSS 5.4EG 5.42022-11-16
vulnerable: 7.5.40440 ... 9.3.57186 (72 versions)
Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile.
- CVE-2022-44073MEDIUMCVSS 5.4EG 5.42022-11-16
vulnerable: 7.5.40440 ... 9.3.57186 (72 versions)
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts.
- CVE-2022-44136CRITICALCVSS 9.8EG 9.8✓ Fixed in 9.0.574732022-11-30
vulnerable: 7.5.40440 ... 9.0.55141 (62 versions)
Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).
- CVE-2023-44769MEDIUMCVSS 5.4EG 5.42023-10-25
vulnerable: 7.5.40440 ... 9.4.59197 (79 versions)
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.
- CVE-2023-44770MEDIUMCVSS 5.4EG 5.42023-10-06
vulnerable: 7.5.40440 ... 9.4.59197 (79 versions)
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.
- CVE-2023-44771MEDIUMCVSS 5.4EG 5.42023-10-06
vulnerable: 7.5.40440 ... 9.4.59197 (79 versions)
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
- CVE-2024-34460MEDIUMCVSS 6.5EG 6.5✓ Fixed in 9.5.606022024-05-04
vulnerable: 7.5.40440 ... 9.5.60437 (85 versions)
The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)
- CVE-2024-34461CRITICALCVSS 9.8EG 9.8✓ Fixed in 9.5.604372024-05-04
vulnerable: 7.5.40440 ... 9.5.60240 (84 versions)
Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.
- CVE-2024-45960MEDIUMCVSS 4.8EG 4.82024-10-02
vulnerable: 7.5.40440 ... 9.7.61188 (90 versions)
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
- CVE-2024-45964MEDIUMCVSS 4.8EG 5.42024-10-02
vulnerable: 7.5.40440 ... 9.7.61188 (90 versions)
Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.
Check whether tribalsystems/zenario is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for tribalsystems/zenario CVEs against the assets you own.
Start Free Scan →