CVE-2021-26830 — CVSS 9.1 (critical): SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is…
CVE-2018-5960 — CVSS 8.8 (high): Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
CVE-2018-18420 — CVSS 8.8 (high): Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the…
CVE-2021-42171 — CVSS 7.2 (high): Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run…
CVE-2022-23043 — CVSS 7.2 (high): Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the…
CVE-2023-44769 — CVSS 5.4 (medium): A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted…
CVE-2023-44770 — CVSS 5.4 (medium): A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to…
CVE-2023-44771 — CVSS 5.4 (medium): A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted…
CVE-2021-27672 — CVSS 4.9 (medium): SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive…
CVE-2021-41952 — CVSS 4.8 (medium): Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims…
CVE-2021-27673 — CVSS 4.8 (medium): Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to…
CVE-2024-45960 — CVSS 4.8 (medium): Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is…
CVE-2023-39578 — CVSS 4.8 (medium): A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web…
CVE-2024-45964 — CVSS 4.8 (medium): Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.
CVE-2022-4231 — CVSS 4.2 (medium): A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some…
CVE-2020-36608 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown…