VYPR
Moderate severityNVD Advisory· Published Mar 14, 2022· Updated Aug 4, 2024

CVE-2021-41952

CVE-2021-41952

Description

Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tribalsystems/zenarioPackagist
< 9.0.551439.0.55143

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.