Federico Mirra

CVE-2026-30251 WRITEUP MEDIUM WRITEUP

ZenShare Suite 17.0 - XSS

A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.

CVSS 6.1

View Code

CVE-2026-30252 WRITEUP MEDIUM WRITEUP

ZenShare Suite 17.0 - Reflected XSS

Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters.

CVSS 6.1

View Code