CVE-2024-45960
Description
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated admin users in Zenario 9.7.61188 can upload PDFs with malicious code leading to XSS when accessed.
Vulnerability Overview
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code. This vulnerability is a case of stored cross-site scripting (XSS). [1] [2]
Exploitation
An attacker must have valid admin credentials to upload a malicious PDF. When the PDF is subsequently accessed through the website, the embedded code executes in the context of the viewer's browser, leading to XSS. [1]
Impact
Successful exploitation gives the attacker the ability to execute arbitrary JavaScript in the browser of any user who views the uploaded PDF. This can result in session hijacking, defacement, or further malicious actions. [1]
Mitigation
No official patch has been announced as of publication. Users are advised to restrict PDF uploads to trusted personnel only and consider implementing additional sanitization or validation of uploaded files. [1]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tribalsystems/zenario (Packagist) | <= 9.7.61188 | — |
Affected products
- Zenario/Zenario
Patches
No patches discovered yet.