Lookup for vulnerable packages by Package URL.
| Purl | pkg:composer/tribalsystems/zenario@9.0.55141 |
|---|
| Type | composer |
|---|
| Namespace | tribalsystems |
|---|
| Name | zenario |
|---|
| Version | 9.0.55141 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 9.2.55826 |
|---|
| Latest_non_vulnerable_version | 9.4.59574 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-2wmg-b4u8-ruek |
| vulnerability_id |
VCID-2wmg-b4u8-ruek |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-41952
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2wmg-b4u8-ruek |
|
| 1 |
| url |
VCID-bcts-8ckd-mfd4 |
| vulnerability_id |
VCID-bcts-8ckd-mfd4 |
| summary |
Unrestricted Upload of File with Dangerous Type
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-42171
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bcts-8ckd-mfd4 |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:composer/tribalsystems/zenario@9.0.55141 |
|---|