Moderate severityNVD Advisory· Published Mar 14, 2022· Updated Aug 4, 2024
CVE-2021-41952
CVE-2021-41952
Description
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tribalsystems/zenarioPackagist | < 9.0.55143 | 9.0.55143 |
Affected products
2- Zenario CMS/Zenario CMSdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-x8wj-cqmp-3wmmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41952ghsaADVISORY
- github.com/TribalSystems/Zenario/commit/4566d8a9ac6755f098b3373252fdb17754a77007ghsaWEB
- github.com/TribalSystems/Zenario/releases/tag/9.0.55141ghsaWEB
- github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/1ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.