Vulnerabilities > Cszcms > CSZ CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-41601 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters. | 6.1 |
| 2023-08-22 | CVE-2023-39599 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | 5.4 |
| 2023-08-18 | CVE-2023-38910 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. | 6.1 |
| 2023-08-18 | CVE-2023-38911 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. | 5.4 |
| 2022-03-29 | CVE-2021-43701 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. | 6.5 |
| 2021-07-09 | CVE-2020-25391 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. | 5.4 |
| 2021-07-09 | CVE-2020-25392 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin. | 5.4 |
| 2021-03-11 | CVE-2021-26776 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | 5.4 |
| 2021-03-10 | CVE-2021-3224 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. | 5.4 |