CVE-2021-27673

Name of the Vulnerable Software and Affected Versions Zenario CMS version 8.8.52729

Description The issue allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the cID parameter when creating a new HTML component in the "admin boxes.ajax.php" component. This is a case of Cross Site Scripting (XSS), specifically Reflected XSS, which enables the execution of arbitrary code.

Recommendations For Zenario CMS version 8.8.52729, consider disabling the "admin boxes.ajax.php" component or restricting access to it until a patch is available. Avoid using the cID parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.