tribalsystems/zenario is vulnerable to cross-site request forgery (CSRF). The application does not verify the authenticity of a request to admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent
, which allows an attacker to submit a request on behalf of the victim when the victim visits a malicious HTML page.