Vulnerabilities > Tribalsystems
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-11-02 | CVE-2020-36608 | Cross-site Scripting vulnerability in Tribalsystems Zenario | A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. | 6.1 |
2022-03-14 | CVE-2021-41952 | Cross-site Scripting vulnerability in Tribalsystems Zenario 9.0.54156 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. | 4.8 |
2022-03-14 | CVE-2021-42171 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.0.54156 | Zenario CMS 9.0.54156 is vulnerable to File Upload. | 7.2 |
2022-02-24 | CVE-2022-23043 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.2 | Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. | 7.2 |
2021-04-16 | CVE-2021-26830 | SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729 | SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. | 9.1 |
2021-04-15 | CVE-2021-27673 | Cross-site Scripting vulnerability in Tribalsystems Zenario 8.8.52729 | Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component. | 4.8 |
2021-04-15 | CVE-2021-27672 | SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729 | SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component. | 4.9 |
2018-10-19 | CVE-2018-18420 | Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3 | Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | 8.8 |
2018-01-22 | CVE-2018-5960 | SQL Injection vulnerability in Tribalsystems Zenario | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | 8.8 |