Filtered by vendor Tribalsystems
Subscribe
Total
18 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44771 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. | |||||
| CVE-2023-44770 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. | |||||
| CVE-2023-44769 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. | |||||
| CVE-2023-39578 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. | |||||
| CVE-2022-44136 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 9.8 CRITICAL |
| Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). | |||||
| CVE-2022-44073 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. | |||||
| CVE-2022-44071 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. | |||||
| CVE-2022-44070 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. | |||||
| CVE-2022-44069 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. | |||||
| CVE-2022-23043 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server. | |||||
| CVE-2021-42171 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. | |||||
| CVE-2021-41952 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS. | |||||
| CVE-2021-27673 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component. | |||||
| CVE-2021-27672 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component. | |||||
| CVE-2021-26830 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module. | |||||
| CVE-2020-36608 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816. | |||||
| CVE-2018-5960 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | |||||
| CVE-2018-18420 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | |||||