{"id":"CVE-2023-44770","details":"A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.","aliases":["GHSA-mr4w-7vm9-cgqx"],"modified":"2026-03-14T12:20:48.862188Z","published":"2023-10-06T13:15:13.033Z","references":[{"type":"EVIDENCE","url":"https://github.com/sromanhu/ZenarioCMS--Reflected-XSS---Organizer-Alias/blob/main/README.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tribalsystems/zenario","events":[{"introduced":"0"},{"last_affected":"c53e3c6b12d57d76a9c0242fe8fca0af3cdd5e98"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.4.59197"}]}}],"versions":["7.0.2e","7.0.3a","7.0.4b","7.0.5b","7.0.5c","7.0.6a","7.0.6b","7.0.7a","7.0.7b","7.0.7c","7.0.7d","7.0.7e","7.1.0","7.1.1","7.1.2","7.2.0","7.2.1","7.2.2","7.2.3","7.3.0","7.4.0","7.4.1","7.4.2","7.4.3","7.4.4","7.5.0","7.5.40440","7.5.41006","7.5.41499","7.6.41504","7.6.41633","7.6.42085","7.7.42682","7.7.42963","7.7.42990","7.7.44223","8.0.44237","8.0.44273","8.0.44294","8.0.44521","8.0.45032","8.0.45250","8.0.45529","8.1.45530","8.1.45698","8.1.46089","8.1.46433","8.2.46436","8.2.46614","8.2.47180","8.2.47369","8.2.47992","8.3.47997","8.3.48583","8.3.50564","8.4.50565","8.5.50567","8.5.50837","8.5.51340","8.6.51342","8.7","8.8","8.8.53370","8.8.53725","8.9.54063","8.9.54149","8.9.54153","9.0.54156","9.0.55141","9.1.55143","9.1.55510","9.1.55619","9.2","9.2.55826","9.2.57169","9.3.57186","9.3.57474","9.3.57595","9.3.57709","9.3.57754","9.3.58670","9.4.58686","9.4.59197"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44770.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}