Vulnerabilities > Tribalsystems > Zenario

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2022-11-02 | CVE-2020-36608 | Cross-site Scripting vulnerability in Tribalsystems Zenario | A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. | network | low complexity | tribalsystems CWE-79 | 6.1 |
| 2022-03-14 | CVE-2021-41952 | Cross-site Scripting vulnerability in Tribalsystems Zenario 9.0.54156 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via uploading a *.SVG file. | | | | 3.5 |
| 2022-03-14 | CVE-2021-42171 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.0.54156 | Zenario CMS 9.0.54156 is vulnerable to File Upload. | network | low complexity | tribalsystems CWE-434 | 6.5 |
| 2022-02-24 | CVE-2022-23043 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.2 | Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. | network | low complexity | tribalsystems CWE-434 | 6.5 |
| 2021-04-16 | CVE-2021-26830 | SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729 | SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. | network | low complexity | tribalsystems CWE-89 | 6.4 |
| 2021-04-15 | CVE-2021-27673 | Cross-site Scripting vulnerability in Tribalsystems Zenario 8.8.52729 | Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component. | | | | 3.5 |
| 2018-10-19 | CVE-2018-18420 | Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | | | | 6.8 |
| 2018-01-22 | CVE-2018-5960 | SQL Injection vulnerability in Tribalsystems Zenario | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | network | low complexity | tribalsystems CWE-89 | 6.5 |