Multiple reflected Cross–Site Scripting vulnerabilities exist in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite 17.0, allowing attackers to inject malicious JavaScript via the codice_azienda and red_url parameters. This flaw permits arbitrary script execution in a victim's browser, which can lead to session hijacking, credential theft, defacement, or redirect to malicious sites. The vulnerability is classified as CWE-79 and can compromise the confidentiality, integrity, and availability of information from the end users perspective.

Interzen Consulting’s ZenShare Suite includes multiple applications: ZenCRM, ZenHR, ZenProject, and ZenPurchase, all running version 17.0. The login.php endpoint present in each product is affected, meaning that any user interacting with any of these applications via the login page is vulnerable.

The CVSS base score of 6.1 indicates a moderate risk. The EPSS score of less than 1% suggests a low likelihood of current exploits, and the vulnerability is not listed in CISA’s KEV catalog. Despite the low exploitation probability, the attack vector is remote and trivial because an attacker only needs to supply a crafted URL. By directing a user to a malicious link containing payloads in the codice_azienda or red_url parameters, the attacker can execute JavaScript in the browser context. Once the script runs, it can exfiltrate session cookies or perform actions on behalf of the user.