Headline
CVE-2022-44073: XSS upload file SVG in Zenario 9.3.57186 · Issue #6 · hieuminhnv/Zenario-CMS-last-version
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg, Users & Contacts.
Summary
Hi team,
I found stored XSS in SVG file upload in version 9.0.54156 and reported the vulnerability as CVE-2021-41952; in version 9.3.57186 I have bypassed it.
Visit #1 to view my report.
Info
Zenario 9.3.57186 last version
FireFox 105.0.3 (64-bit)
Chrome 106.0.5249.119
I will recreate it again
Steps
Log in to the home page >> Choose Users & Contacts and create any user
Click Image >> Upload an image
Payload I inject into the SVG
Go to the link of the injected file; the payload is executed
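An upload-side check for the issue reported above, as an added example that is not part of the original report or Zenario's own code: it accepts an SVG only if every element and attribute is on a small allowlist of static drawing features, so script elements, event-handler attributes and links are refused without having to enumerate them. The allowlist contents, the function name `svg_violations` and the two sample SVGs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed policy: static drawing elements and presentation attributes only.
ALLOWED_ELEMENTS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                    "polyline", "polygon", "title", "desc", "defs",
                    "linearGradient", "radialGradient", "stop"}
ALLOWED_ATTRS = {"id", "d", "x", "y", "x1", "y1", "x2", "y2", "cx", "cy", "r",
                 "rx", "ry", "width", "height", "viewBox", "points", "fill",
                 "stroke", "stroke-width", "transform", "opacity", "offset",
                 "stop-color", "version"}

def svg_violations(data: bytes) -> list[str]:
    """Return the reasons an uploaded SVG is refused; an empty list means accept."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return ["not valid UTF-8"]
    # Refuse DTDs and NUL bytes so entities or an alternate encoding
    # cannot hide markup from the checks below.
    if "\x00" in text or re.search(r"<!(DOCTYPE|ENTITY)", text, re.IGNORECASE):
        return ["NUL byte or DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    for el in root.iter():
        # ElementTree names are "{namespace}local"; split the two parts.
        ns, _, name = el.tag.rpartition("}")
        if ns.lstrip("{") != SVG_NS or name not in ALLOWED_ELEMENTS:
            problems.append(f"element not allowed: {el.tag}")
        for attr in el.attrib:  # namespaced attributes (e.g. xlink) fail too
            if attr not in ALLOWED_ATTRS:
                problems.append(f"attribute not allowed on <{name}>: {attr}")
    return problems

# Constructed samples: one static drawing, one carrying active content.
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
             b'<circle cx="5" cy="5" r="4" fill="red"/></svg>')
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="/*placeholder*/">'
              b'<script>/* placeholder */</script></svg>')

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SVG), ("active", ACTIVE_SVG)):
        print(label, svg_violations(sample) or "accepted")
```

Serving user uploads with `Content-Disposition: attachment` or under a restrictive `Content-Security-Policy` limits the impact of any file that slips past an upload check.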
Related news
GHSA-gmf5-q34v-vwvp: Cross-site Scripting in Zenario