CVE ID :CVE-2018-25331 Published : May 17, 2026, 1:16 p.m. | 1 hour, 13 minutes ago Description :Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers. Severity: 6.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...