Vulnerabilities > Cszcms > CSZ CMS > 1.2.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-29 | CVE-2021-43701 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. | 6.5 |
| 2021-07-30 | CVE-2021-37144 | Use of Incorrectly-Resolved Name or Reference vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. | 9.1 |
| 2021-07-09 | CVE-2020-25391 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. | 5.4 |
| 2021-07-09 | CVE-2020-25392 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin. | 5.4 |
| 2021-03-11 | CVE-2021-26776 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | 5.4 |
| 2021-03-10 | CVE-2021-3224 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. | 5.4 |