Vulnerabilities > Tribalsystems > Zenario > 8.8.52729

DATE CVE VULNERABILITY TITLE RISK
2021-04-16 CVE-2021-26830 SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin.
network
low complexity
tribalsystems CWE-89
critical
 9.1
9.1
2021-04-15 CVE-2021-27673 Cross-site Scripting vulnerability in Tribalsystems Zenario 8.8.52729
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
network
low complexity
tribalsystems CWE-79
4.8
4.8
2021-04-15 CVE-2021-27672 SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
network
low complexity
tribalsystems CWE-89
4.9
4.9