CVE-2024-45960

MEDIUM4.8EPSS 0.17%

Zenario allows authenticated admin users to upload PDF files containing malicious code

Published: 10/2/2024Modified: 10/2/2024

Description

Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.

Affected packages (1)

Packagist/tribalsystems/zenariofrom 0, <= 9.7.61188

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
osv	CVSS 3.1	MEDIUM4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-45960
PATCHhttps://github.com/TribalSystems/Zenario
WEBhttps://grimthereaperteam.medium.com/zenario-9-7-9-7-61188-malicious-file-upload-xss-in-pdf-eb11729fe059