CVE-2024-34461
CRITICAL9.8EPSS 0.16%Zenario uses Twig filters insecurely in the Twig Snippet plugin
Published: 5/4/2024Modified: 3/31/2025
Also known as:GHSA-hr2r-w6wc-25pv
Description
Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.
Affected packages (1)
- Packagist/tribalsystems/zenariofrom 0, < 9.5.60437
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |