Vulnerabilities > Tribalsystems

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-02	CVE-2020-36608	Cross-site Scripting vulnerability in Tribalsystems Zenario A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. network low complexity tribalsystems CWE-79	6.1
2022-03-14	CVE-2021-41952	Cross-site Scripting vulnerability in Tribalsystems Zenario 9.0.54156 Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. network tribalsystems CWE-79	3.5
2022-03-14	CVE-2021-42171	Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.0.54156 Zenario CMS 9.0.54156 is vulnerable to File Upload. network low complexity tribalsystems CWE-434	6.5
2022-02-24	CVE-2022-23043	Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.2 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. network low complexity tribalsystems CWE-434	6.5
2021-04-16	CVE-2021-26830	SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729 SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. network low complexity tribalsystems CWE-89	6.4
2021-04-15	CVE-2021-27673	Cross-site Scripting vulnerability in Tribalsystems Zenario 8.8.52729 Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component. network tribalsystems CWE-79	3.5
2018-10-19	CVE-2018-18420	Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3 Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. network tribalsystems CWE-352	6.8
2018-01-22	CVE-2018-5960	SQL Injection vulnerability in Tribalsystems Zenario Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. network low complexity tribalsystems CWE-89	6.5

Vulnerabilities > Tribalsystems {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Tribalsystems"}]}

Vulnerabilities > Tribalsystems