CVE-2023-39578

Name of the Vulnerable Software and Affected Versions Zenario CMS version 9.4

Description A stored cross-site scripting (XSS) vulnerability in the Create function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. This enables attackers to potentially manipulate the website's behavior or steal user data.

Recommendations For Zenario CMS version 9.4, consider disabling the Create function until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Menu navigation text field to minimize the risk of malicious payload injection.