CVE-2023-44769: Zenario CMS Cross-site Scripting vulnerability

CVSS Score (v3.1): 5.4

Basic Information

EPSS Score: 0.72542%
Published: 10/25/2023
Updated: 11/11/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name          | Ecosystem | Vulnerable Versions | First Patched Version
tribalsystems/zenario | composer  | <= 9.4.59197        | (not listed)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided information describes a reflected XSS vulnerability in Zenario CMS's Spare aliases handling but does not include specific code samples, commit diffs, or file paths. While the attack vector involves improper neutralization of input in the Spare aliases field, the lack of concrete implementation details (e.g., specific functions responsible for sanitizing/rendering alias data) makes it impossible to identify exact vulnerable functions with high confidence. The vulnerability likely resides in functions processing user-supplied Spare aliases input or rendering alias-related content without proper escaping, but without access to the codebase or patches, these cannot be definitively named.

Vulnerable functions

WAF Protection Rules

WAF Rule

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from alias.
