CVE-2024-45960

MEDIUM

Zenario 9.7.61188 - Authenticated Stored Cross-Site Scripting via PDF File Upload

Title source: llm
STIX 2.1

Description

Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.

References (1)

Core 1

Scores

CVSS v3 4.8
EPSS 0.0034
EPSS Percentile 26.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
tribalsystems/zenario 9.7.61188
tribalsystems/zenario 0Packagist
Published Oct 02, 2024
Tracked Since Feb 18, 2026