CVE-2021-27673
packagist/tribalsystems/zenario
Cross-site Scripting
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
Version 8.8.52729
Upgrade to version 8.8.53370 or above.
2021-04-23
source |