5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-44073

CVE-2022-44073: Cross-site Scripting in Zenario

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg, Users & Contacts.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-44073

CVE-2022-44073:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
tribalsystems/zenario	composer	<= 9.3.57186

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests in two key areas: 1) SVG file processing during upload (Users & Contacts feature) where XML-based XSS payloads bypass sanitization, and 2) subsequent rendering of user-controlled SVG content. The combination suggests insufficient input validation in upload handlers and lack of output encoding in profile display components. The Users & Contacts context indicates user management controllers/views as the vulnerable area, with SVG-specific handling being the weak point given the attack vector.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-44073: Cross-site Scripting in Zenario

CVE-2022-44073:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

CVE-2022-44073: Cross-site Scripting in Zenario

Technical Details

5.4

5.4

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-44073: Cross-site Scripting in Zenario

CVE-2022-44073:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2022-44073: Cross-site Scripting in Zenario

Technical Details

5.4

5.4

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI