Cszcms Csz Cms vulnerabilities
28 known vulnerabilities affecting cszcms/csz_cms.
Total CVEs
28
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL10HIGH2MEDIUM16
Vulnerabilities
Page 2 of 2
CVE-2021-47738P4MEDIUMCVSS 5.4v1.2.72025-12-23
CVE-2021-47738 [MEDIUM] CWE-79 CVE-2021-47738: CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized user
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.
nvd
CVE-2023-41601P4MEDIUMCVSS 6.1v1.3.02023-09-06
CVE-2023-41601 [MEDIUM] CWE-79 CVE-2023-41601: Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow att
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.
nvd
CVE-2021-3224P4MEDIUMCVSS 5.4v1.2.92021-03-10
CVE-2021-3224 [MEDIUM] CWE-79 CVE-2021-3224: A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
nvd
CVE-2024-27752P4MEDIUMCVSS 5.4v1.3.02024-04-19
CVE-2024-27752 [MEDIUM] CWE-79 CVE-2024-27752: Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.
nvd
CVE-2021-26776P4MEDIUMCVSS 5.4v1.2.92021-03-11
CVE-2021-26776 [MEDIUM] CWE-79 CVE-2021-26776: CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through th
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.
nvd
CVE-2023-39599P4MEDIUMCVSS 5.4v1.3.02023-08-22
CVE-2023-39599 [MEDIUM] CWE-79 CVE-2023-39599: Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary co
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
nvd
CVE-2020-25391P4MEDIUMCVSS 5.4v1.2.92021-07-09
CVE-2020-25391 [MEDIUM] CWE-79 CVE-2020-25391: A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scri
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.
nvd
CVE-2020-25392P4MEDIUMCVSS 5.4v1.2.92021-07-09
CVE-2020-25392 [MEDIUM] CWE-79 CVE-2020-25392: A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary we
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.
nvd
← Previous2 / 2