CVE-2026-30251

CVE-2026-30251: A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenSh

Description

A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.

Affected Products

Vendor	Product	Versions
—	n/a	n/a

References

https://github.com/skit-cyber-security/ZenShare-Suite

Related News (1 articles)

Tier C

VulDB3d ago

CVE-2026-30251 | ZenShare Suite 17.0 URL login_newpwd.php codice_azienda cross site scripting

→ No new info (linked only)

CVSS 3.16.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 2, 2026

Last enriched3d agov2

Trending Score14

Source articles1

Independent1

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: affectedVersions, severity

Apr 2, 2026

Version History

Last enriched 3d ago

v2Tier C3d ago

Updated vendor to Interzen Consulting S.r.l, product to ZenShare Suite, set affected versions to 17.0, changed severity to HIGH, and corrected exploit availability.

affectedVersionsseverity

via VulDB

v13d ago

Initial creation