GHSA-8hcm-jj4x-4gmr

Source

https://github.com/advisories/GHSA-8hcm-jj4x-4gmr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-8hcm-jj4x-4gmr/GHSA-8hcm-jj4x-4gmr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8hcm-jj4x-4gmr

Aliases

CVE-2021-27673

Published

2021-06-08T20:11:40Z

Modified

2024-02-16T08:17:21.867289Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

reflected XSS in tribalsystems/zenario

Details

Reflected XSS in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting into the "cID" parameter when creating a new HTML component.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-19T21:43:48Z",
    "nvd_published_at": "2021-04-15T14:15:00Z",
    "severity": "MODERATE"
}

References

Affected packages

Packagist / tribalsystems/zenario

Package

Name: tribalsystems/zenario
Purl: pkg:composer/tribalsystems/zenario

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.8.53370

Affected versions

7.*

7.5.40440

7.5.41006

7.5.41499

7.5.41633

7.5.42085

7.5.42990

7.5.47180

7.6.41504

7.6.41633

7.6.42085

7.6.42990

7.6.47180

7.7.42682

7.7.42963

7.7.42990

7.7.44223

7.7.47180

7.7.47369

7.7.48583

8.*

8.0.44237

8.0.44273

8.0.44294

8.0.44521

8.0.45032

8.0.45250

8.0.45529

8.0.47180

8.0.48583

8.1.45530

8.1.45698

8.1.46089

8.1.46433

8.1.46615

8.1.47180

8.1.47369

8.1.48583

8.2.46436

8.2.46614

8.2.47180

8.2.47369

8.2.47992

8.2.48583

8.3.47997

8.3.48583

8.3.50564

8.4.50565

8.4.51340

8.5.50567

8.5.50837

8.5.51340

8.6.51342

8.7

8.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-8hcm-jj4x-4gmr/GHSA-8hcm-jj4x-4gmr.json"