CVE-2021-27673
Cross-site Scripting in packagist/tribalsystems/zenario
Identifiers
CVE-2021-27673
Package Slug
packagist/tribalsystems/zenario
Vulnerability
Cross-site Scripting
Description
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
Affected Versions
Version 8.8.52729
Solution
Upgrade to version 8.8.53370 or above.
Last Modified
2021-04-23
| source |