Headline
CVE-2020-36608: Fix for a security vulnerability with the Error Log module · TribalSystems/Zenario@dfd0afa
A vulnerability, classified as problematic, has been found in Tribal Systems Zenario CMS. It affects some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross-site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816.
@@ -4723,10 +4723,10 @@ zenarioO.columnValue = function(i, c, dontHTMLEscape) {
href = ' style="cursor: default;"’;
if (item_link == ‘menu_item’) {
href += ' title="’ + htmlspecialchars(item.name) + '|"’;
href += ' title="’ + htmlspecialchars(htmlspecialchars(item.name)) + '|"’;
} else if (item_link == ‘content_item’ || item_link == ‘content_item_or_url’) {
href += ' title="’ + htmlspecialchars(item.name) + '|"’;
href += ' title="’ + htmlspecialchars(htmlspecialchars(item.name)) + '|"’;
}
} else {
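Review bot: the double call htmlspecialchars(htmlspecialchars(item.name)) in both title builders has no comment saying why a single pass is not enough for this attribute, so a later cleanup could "fix" it back to one call and reopen the issue. Please add a one-line comment naming the consumer of the title value that requires the second pass. The 'menu_item' branch and the 'content_item' / 'content_item_or_url' branch also build the same string, so they could be merged into one condition to keep the encoding in a single place.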
@@ -4774,22 +4774,22 @@ zenarioO.columnValue = function(i, c, dontHTMLEscape) {
if (isSKLink) {
if (item_link == ‘menu_item’) {
href += ' title="’ + htmlspecialchars(item.name) + ‘|’ + phrase.clkToViewLinkedMenuNode + '"’;
href += ' title="’ + htmlspecialchars(htmlspecialchars(item.name)) + ‘|’ + phrase.clkToViewLinkedMenuNode + '"’;
} else if (item_link == ‘content_item’ || item_link == ‘content_item_or_url’) {
href += ' title="’ + htmlspecialchars(item.name) + ‘|’ + phrase.clkToViewLinkedCItem + '"’;
href += ' title="’ + htmlspecialchars(htmlspecialchars(item.name)) + ‘|’ + phrase.clkToViewLinkedCItem + '"’;
}
} else if (isURL) {
href += ' title="’ + htmlspecialchars(item.name) + ‘|’ + phrase.clkToViewLinkInNewWindow + '"’;
href += ' title="’ + htmlspecialchars(htmlspecialchars(item.name)) + ‘|’ + phrase.clkToViewLinkInNewWindow + '"’;
}
}
switch (item_link) {
case 'content_item’:
case 'content_item_or_url’:
itemName = item.name;
itemName = htmlspecialchars(item.name);
break;
case 'menu_item’:
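Review bot: in the switch at the end of this hunk, itemName is escaped only for the 'content_item' and 'content_item_or_url' cases, and the 'menu_item' case starts on the last visible line, so it cannot be confirmed from here that its assignment is escaped too; please check that every case that copies item.name into itemName goes through htmlspecialchars. The function also takes a dontHTMLEscape parameter, so it is worth confirming that the now unconditional escape of itemName does not produce double-encoded output for callers that escape the returned value themselves. The three title builders above repeat htmlspecialchars(htmlspecialchars(item.name)); a small local helper with a comment on why two passes are needed would keep them consistent.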
Related news
A vulnerability has been found in Tribal Systems Zenario CMS prior to version 8.5.51340. It affects some unknown functionality of the file `admin_organizer.js` of the component `Error Log Module`. The manipulation leads to cross-site scripting. The attack may be launched remotely. The issue is patched in version 8.5.51340.