Vulnerabilities > Cszcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-41601 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters. | 6.1 |
| 2023-08-22 | CVE-2023-39599 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | 5.4 |
| 2023-08-18 | CVE-2023-38910 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. | 6.1 |
| 2023-08-18 | CVE-2023-38911 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. | 5.4 |
| 2023-03-23 | CVE-2020-19786 | Unrestricted Upload of File with Dangerous Type vulnerability in Cszcms CSZ CMS 1.2.2 File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file. | 8.8 |
| 2022-05-23 | CVE-2022-28997 | Server-Side Request Forgery (SSRF) vulnerability in Cszcms 1.3.0 CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. | 7.5 |
| 2022-04-12 | CVE-2022-27161 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers | 9.8 |
| 2022-04-12 | CVE-2022-27162 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser | 9.8 |
| 2022-04-12 | CVE-2022-27163 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser | 9.8 |
| 2022-04-12 | CVE-2022-27164 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers | 9.8 |