GHSA-6cxv-27r2-fp3m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6cxv-27r2-fp3m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-6cxv-27r2-fp3m/GHSA-6cxv-27r2-fp3m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6cxv-27r2-fp3m
- Aliases
- Published
- 2023-10-06T15:30:20Z
- Modified
- 2024-02-16T08:05:43.712091Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Zenario CMS Cross-site Scripting vulnerability
- Details
-
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2023-10-06T18:44:38Z", "nvd_published_at": "2023-10-06T13:15:13Z", "severity": "MODERATE" }- References
Affected packages
Packagist / tribalsystems/zenario
Package
- Name
- tribalsystems/zenario
- Purl
- pkg:composer/tribalsystems/zenario
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected9.4.59197
Affected versions
7.*
7.5.40440
7.5.41006
7.5.41499
7.5.41633
7.5.42085
7.5.42990
7.5.47180
7.6.41504
7.6.41633
7.6.42085
7.6.42990
7.6.47180
7.7.42682
7.7.42963
7.7.42990
7.7.44223
7.7.47180
7.7.47369
7.7.48583
8.*
8.0.44237
8.0.44273
8.0.44294
8.0.44521
8.0.45032
8.0.45250
8.0.45529
8.0.47180
8.0.48583
8.1.45530
8.1.45698
8.1.46089
8.1.46433
8.1.46615
8.1.47180
8.1.47369
8.1.48583
8.2.46436
8.2.46614
8.2.47180
8.2.47369
8.2.47992
8.2.48583
8.3.47997
8.3.48583
8.3.50564
8.4.50565
8.4.51340
8.5.50567
8.5.50837
8.5.51340
8.6.51342
8.7
8.8
8.8.53370
8.8.53725
8.8.54063
8.9.54063
8.9.54149
8.9.54153
8.9.55141
9.*
9.0.54156
9.0.55141
9.0.57473
9.1.55143
9.1.55510
9.1.55619
9.1.57473
9.2
9.2.55826
9.2.57169
9.2.57473
9.3.57186
9.3.57474
9.3.57595
9.3.57709
9.3.57754
9.3.58670
9.4.58686
9.4.59197