GHSA-3636-hx62-pv26

Source

https://github.com/advisories/GHSA-3636-hx62-pv26

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-3636-hx62-pv26/GHSA-3636-hx62-pv26.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3636-hx62-pv26

Aliases

CVE-2024-45960

Published

2024-10-02T21:30:35Z

Modified

2024-10-02T23:27:19.129579Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
1.8 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P CVSS Calculator

Summary

Zenario allows authenticated admin users to upload PDF files containing malicious code

Details

Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.

Database specific

{
    "nvd_published_at": "2024-10-02T20:15:11Z",
    "cwe_ids": [
        "CWE-434",
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-02T22:35:05Z"
}

References

Affected packages

Packagist / tribalsystems/zenario

Package

Name: tribalsystems/zenario
Purl: pkg:composer/tribalsystems/zenario

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

9.7.61188

Affected versions

7.*

7.5.40440

7.5.41006

7.5.41499

7.5.41633

7.5.42085

7.5.42990

7.5.47180

7.6.41504

7.6.41633

7.6.42085

7.6.42990

7.6.47180

7.7.42682

7.7.42963

7.7.42990

7.7.44223

7.7.47180

7.7.47369

7.7.48583

8.*

8.0.44237

8.0.44273

8.0.44294

8.0.44521

8.0.45032

8.0.45250

8.0.45529

8.0.47180

8.0.48583

8.1.45530

8.1.45698

8.1.46089

8.1.46433

8.1.46615

8.1.47180

8.1.47369

8.1.48583

8.2.46436

8.2.46614

8.2.47180

8.2.47369

8.2.47992

8.2.48583

8.3.47997

8.3.48583

8.3.50564

8.4.50565

8.4.51340

8.5.50567

8.5.50837

8.5.51340

8.6.51342

8.7

8.8

8.8.53370

8.8.53725

8.8.54063

8.9.54063

8.9.54149

8.9.54153

8.9.55141

9.*

9.0.54156

9.0.55141

9.0.57473

9.1.55143

9.1.55510

9.1.55619

9.1.57473

9.2

9.2.55826

9.2.57169

9.2.57473

9.3.57186

9.3.57474

9.3.57595

9.3.57709

9.3.57754

9.3.58670

9.4.58686

9.4.59197

9.4.59574

9.4.60437

9.5.59574

9.5.59647

9.5.60240

9.5.60437

9.5.60602

9.6.60604

9.6.60771

9.6.61188

9.7.61188