CVE-2018-25331

MEDIUM 6.1

Zenar Content Management System Cross-Site Scripting via ajax.php

CVSS Score

6.1

EPSS Score

0.0%

EPSS Percentile

0th

Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers.

CWE	CWE-79
Vendor	zenar
Product	zenar content management system
Published	May 17, 2026
Last Updated	May 18, 2026

Stay Ahead of the Next One

Get instant alerts for zenar zenar content management system

Be the first to know when new medium vulnerabilities affecting zenar zenar content management system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

None

Availability

None

Affected Versions

zenar / Zenar Content Management System

7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/44664 demo.zenar.io: http://demo.zenar.io zenar.io: https://zenar.io/ vulncheck.com: https://www.vulncheck.com/advisories/zenar-content-management-system-cross-site-scripting-via-ajax-php

Credits

Berk Dusunur