CVE-2021-27673: 
PHP vulnerability analysis and mitigation

CVE-2021-27673 is a Reflected Cross-Site Scripting (XSS) vulnerability discovered in Zenario CMS version 8.8.52729. The vulnerability was discovered on February 5, 2021, and was fixed on February 8, 2021, in version 8.8.53370. The vulnerability affects the admin interface of Zenario CMS, specifically in the HTML page creation functionality (Medium Blog).

The vulnerability exists in the admin_boxes.ajax.php file, specifically in the 'cID' parameter when creating a new HTML page. When an authenticated administrator creates a new HTML page, the 'cID' parameter accepts and reflects user input without proper sanitization, allowing for the execution of arbitrary JavaScript code (Medium Blog).

The vulnerability allows authenticated administrators to execute arbitrary JavaScript code in the context of other users' browsers who access the affected pages. This could potentially lead to session hijacking, defacement, or other client-side attacks against administrative users (Medium Blog).

The vulnerability has been fixed in Zenario CMS version 8.8.53370. Users are advised to upgrade to this version or later to protect against this vulnerability. The fix can be obtained from the official Zenario GitHub repository (Medium Blog).