Vulnerabilities > Cszcms > CSZ CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-41601 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters. | 6.1 |
| 2023-08-22 | CVE-2023-39599 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | 5.4 |
| 2023-08-18 | CVE-2023-38910 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. | 6.1 |
| 2023-08-18 | CVE-2023-38911 | Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0 A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. | 5.4 |
| 2022-03-29 | CVE-2021-43701 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. | 4.0 |
| 2021-07-30 | CVE-2021-37144 | Use of Incorrectly-Resolved Name or Reference vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. | 6.4 |
| 2019-02-07 | CVE-2019-7566 | Cross-Site Request Forgery (CSRF) vulnerability in Cszcms CSZ CMS 1.1.8 CSZ CMS 1.1.8 has CSRF via admin/users/new/add. | 6.8 |