CVE-2026-30252
Reflected XSS in ZenShare Suite v17.0 Login.php Endpoint
Publication date: 2026-04-02
Last updated on: 2026-04-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| interzen | zenhr | 17.0 |
| interzen | zenproject | 17.0 |
| interzen | zenpurchase | 17.0 |
| interzen | zencrm | 17.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the login.php endpoint for suspicious or crafted URLs containing the GET parameters `codice_azienda` and `red_url` with injected JavaScript code.
You can use network traffic inspection tools or web server logs to identify such requests.
- Use curl or wget to test the login.php endpoint with crafted URLs to see if the response reflects injected scripts.
- Example curl command to test for reflected XSS: curl -v "http://target/login.php?codice_azienda=<script>alert(1)</script>&red_url=test"
- Use web vulnerability scanners that support detection of reflected XSS vulnerabilities targeting the login.php page.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the reflected cross-site scripting (XSS) vulnerabilities in ZenShare Suite impact compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability involves multiple reflected cross-site scripting (XSS) issues in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite version 17.0.
Attackers can exploit this by crafting a URL that injects malicious JavaScript code into the codice_azienda and red_url parameters.
When a user clicks on such a crafted URL, the malicious script executes in the context of the user's browser, potentially compromising their session or data.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary JavaScript code in the user's browser.
- Steal sensitive information such as session cookies or credentials.
- Perform actions on behalf of the user without their consent.
- Redirect users to malicious websites.
- Potentially compromise the integrity and confidentiality of user data.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include sanitizing and validating all user inputs on the login.php endpoint, especially the `codice_azienda` and `red_url` parameters, to prevent injection of malicious scripts.
Additionally, applying any available patches or updates from Interzen Consulting S.r.l for ZenShare Suite to a version beyond v17.0 is recommended.
As a temporary measure, consider implementing web application firewall (WAF) rules to block requests containing suspicious script tags or JavaScript code in these parameters.