CVE-2020-36608

low-risk
Published 2022-11-02

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816.

Do I need to act?

-
0.23% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Tribalsystems

References (4)

Patch https://github.com/TribalSystems/Zenario/commit/dfd0afacb26c3682a847bea7b49ea440...
Third Party Advisory https://vuldb.com/?id.212816
Patch https://github.com/TribalSystems/Zenario/commit/dfd0afacb26c3682a847bea7b49ea440...
Third Party Advisory https://vuldb.com/?id.212816
22
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal