Vulnerabilities > Tribalsystems > Zenario > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-14 CVE-2021-41952 Cross-site Scripting vulnerability in Tribalsystems Zenario 9.0.54156
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG.
network
low complexity
tribalsystems CWE-79
4.8
4.8
2021-04-15 CVE-2021-27673 Cross-site Scripting vulnerability in Tribalsystems Zenario 8.8.52729
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
network
low complexity
tribalsystems CWE-79
4.8
4.8
2021-04-15 CVE-2021-27672 SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
network
low complexity
tribalsystems CWE-89
4.9
4.9