CVE-2024-45960: Zenario allows authenticated admin users to upload PDF files containing malicious code

October 2, 2024

Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.

References

github.com/TribalSystems/Zenario
github.com/advisories/GHSA-3636-hx62-pv26
grimthereaperteam.medium.com/zenario-9-7-9-7-61188-malicious-file-upload-xss-in-pdf-eb11729fe059
nvd.nist.gov/vuln/detail/CVE-2024-45960

Detect and mitigate CVE-2024-45960 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →