CVE-2021-41952
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-41952
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41952.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-41952
- Aliases
- Published
- 2022-03-14T15:15:09.287Z
- Modified
- 2025-11-14T12:30:07.060524Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.
- References
Affected packages
Git / github.com/tribalsystems/zenario
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tribalsystems/zenario
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
7.*
7.0.2e
7.0.3a
7.0.4b
7.0.5b
7.0.5c
7.0.6a
7.0.6b
7.0.7a
7.0.7b
7.0.7c
7.0.7d
7.0.7e
7.1.0
7.1.1
7.1.2
7.2.0
7.2.1
7.2.2
7.2.3
7.3.0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0
7.5.40440
7.5.41006
7.5.41499
7.6.41504
7.6.41633
7.6.42085
7.7.42682
7.7.42963
7.7.42990
7.7.44223
8.*
8.0.44237
8.0.44273
8.0.44294
8.0.44521
8.0.45032
8.0.45250
8.0.45529
8.1.45530
8.1.45698
8.1.46089
8.1.46433
8.2.46436
8.2.46614
8.2.47180
8.2.47369
8.2.47992
8.3.47997
8.3.48583
8.3.50564
8.4.50565
8.5.50567
8.5.50837
8.5.51340
8.6.51342
8.7
8.8
8.8.53370
8.8.53725
8.9.54063
8.9.54149
8.9.54153
9.*
9.0.54156