Low severityNVD Advisory· Published Oct 2, 2024· Updated Oct 2, 2024
CVE-2024-45960
This CVE describes malicious code, not an ordinary vulnerability.
- composer /
tribalsystems/zenario— Zenario allows authenticated admin users to upload PDF files containing malicious code
If you have any of these packages installed, remove and rotate any credentials they could have accessed. See the malware feed for full details.
CVE-2024-45960
Description
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tribalsystems/zenarioPackagist | <= 9.7.61188 | — |
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.