CVE-2018-25331

MEDIUM NVD

CVSS Score 6.1

Severity MEDIUM

Published May 17, 2026

Vendor unknown

Description

Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers.

References

http://demo.zenar.io
https://www.exploit-db.com/exploits/44664
https://www.vulncheck.com/advisories/zenar-content-management-system-cross-site-scripting-via-ajax-php
https://zenar.io/