CVE-2018-25331 MEDIUM

CVE-2018-25331: Zenar Content Management System Cross-Site Scripting via ajax.php

Vendor Zenar
Product Zenar Content Management System
Weakness CWE-79 · XSS
Published May 17, 2026
Last update May 24, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

Description

Zenar Content Management System contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint. The endpoint reflects the unsanitized input in the response HTML, so the injected JavaScript executes in the victim's browser.

Key dates

Disclosure timeline

May 17, 2026 CVE published
May 24, 2026 Record updated