CVE-2023-44770

MEDIUM

Zenario CMS 9.4.59197 - Cross-Site Scripting via Organizer Spare Alias

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-44770. PoCs published by sromanhu.

AI-analyzed exploit summary: This repository provides a functional proof-of-concept for a reflected XSS vulnerability in ZenarioCMS v.9.4.59197, exploiting insufficient sanitization in the 'Spare alias' field of the Organizer module. The payload triggers an alert popup when executed, demonstrating arbitrary JavaScript execution.

Description

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script supplied to the 'Spare alias' field in Organizer.

Exploits (1)

nomisec WORKING POC
by sromanhu · poc
https://github.com/sromanhu/CVE-2023-44770_ZenarioCMS--Reflected-XSS---Organizer-Alias

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: ZenarioCMS v.9.4.59197
Auth required
Prerequisites: Access to the ZenarioCMS admin panel · Ability to create a spare alias in the Organizer module
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0022
EPSS Percentile: 44.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (2)
tribalsystems/zenario 9.4.59197
tribalsystems/zenario 0 · Packagist
Published: Oct 06, 2023
Tracked Since: Feb 18, 2026