CVE-2021-41952 Information

Description

Zenario CMS 9.0.54156 is vulnerable to Cross-Site Scripting (XSS) via upload of an .SVG file. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be a victim of XSS.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/1

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.8

Base Severity

MEDIUM
