CVE-2024-45960 – tribalsystems/zenario
Package
Manager: composer
Name: tribalsystems/zenario
Vulnerable Version: >=0 <=9.7.61188
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
EPSS: 0.00051 (percentile: 0.15629)
Details
Summary: Zenario allows authenticated admin users to upload PDF files containing malicious code.
Description: Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross-Site Scripting (XSS) attack.
Metadata
Created: 2024-10-02T21:30:35Z
Modified: 2024-10-02T22:35:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-3636-hx62-pv26/GHSA-3636-hx62-pv26.json
CWE IDs: ["CWE-434", "CWE-79"]
Alternative ID: GHSA-3636-hx62-pv26
Finding: F425
Auto approve: 1