CVE-2021-27673

MEDIUM

Tribal Systems Zenario CMS <8.8.52729 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-27673. PoCs published by Avinash R.

AI-analyzed exploit summary: This is a technical writeup detailing an authenticated SQL injection vulnerability in Zenario CMS 8.8.52729 via the 'cID' parameter. It provides steps to reproduce the issue and confirms the vulnerability but does not include functional exploit code.

Description

Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.

Exploits (1)

exploitdb WRITEUP
by Avinash R · text · webapps · php
https://www.exploit-db.com/exploits/49988

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: Zenario CMS 8.8.52729
Auth required
Prerequisites: Admin credentials for Zenario CMS · Interceptor tool (e.g., Burp Suite)
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 4.8
EPSS: 0.0022
EPSS Percentile: 45.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (2)
tribalsystems/zenario 8.8.52729
tribalsystems/zenario 0 - 8.8.53370 (Packagist)
Published: Apr 15, 2021
Tracked Since: Feb 18, 2026