Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 18 May 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sun, 17 May 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Zenar
Zenar zenar Content Management System |
|
| Vendors & Products |
Zenar
Zenar zenar Content Management System |
Sun, 17 May 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers. | |
| Title | Zenar Content Management System Cross-Site Scripting via ajax.php | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-05-24T01:36:18.112Z
Reserved: 2026-05-17T11:47:21.491Z
Link: CVE-2018-25331
Updated: 2026-05-18T10:46:07.648Z
Status : Deferred
Published: 2026-05-17T13:16:44.710
Modified: 2026-06-17T01:55:14.847
Link: CVE-2018-25331
No data.
OpenCVE Enrichment
Updated: 2026-05-17T17:00:00Z