CVE-2026-30251

n/a · n/a

CVE-2026-30251: A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenSh

Description

A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

https://github.com/skit-cyber-security/ZenShare-Suite

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-30251 | ZenShare Suite 17.0 URL login_newpwd.php codice_azienda cross site scripting

→ No new info (linked only)

CVSS 3.16.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 2, 2026

Last enriched1d agov2

Trending Score21

Source articles1

Independent1

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-59711EXP

CVE-2025-59711: An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism,

Trending: 56

HIGHCVE-2025-59709EXP

CVE-2025-59709: An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read b

Trending: 45

HIGHCVE-2026-26477

CVE-2026-26477: An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_uploa

Trending: 44

CRITICALCVE-2026-28373

CVE-2026-28373: The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryp

Trending: 43

CRITICALCVE-2025-59710

CVE-2025-59710: An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the

Trending: 29

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: affectedVersions, severity

Apr 2, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated vendor to Interzen Consulting S.r.l, product to ZenShare Suite, set affected versions to 17.0, changed severity to HIGH, and corrected exploit availability.

affectedVersionsseverity

via VulDB

v11d ago

Initial creation