Stored XSS Vulnerability in Zenario CMS v9.4 Create Function Allows Arbitrary Code Execution via Menu Navigation Text Field

Stored XSS Vulnerability in Zenario CMS v9.4 Create Function Allows Arbitrary Code Execution via Menu Navigation Text Field

CVE-2023-39578 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.

Learn more about our Web App Pen Testing.