Vulnerabilities > Cszcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-41601 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.
network
low complexity
cszcms CWE-79
6.1
2023-08-22 CVE-2023-39599 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
network
low complexity
cszcms CWE-79
5.4
2023-08-18 CVE-2023-38910 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0
CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.
network
low complexity
cszcms CWE-79
6.1
2023-08-18 CVE-2023-38911 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0
A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.
network
low complexity
cszcms CWE-79
5.4
2022-05-23 CVE-2022-28997 Server-Side Request Forgery (SSRF) vulnerability in Cszcms 1.3.0
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.
network
low complexity
cszcms CWE-918
5.0
2022-03-29 CVE-2021-43701 SQL Injection vulnerability in Cszcms CSZ CMS 1.2.9
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
network
low complexity
cszcms CWE-89
4.0
2021-07-30 CVE-2021-37144 Use of Incorrectly-Resolved Name or Reference vulnerability in Cszcms CSZ CMS 1.2.9
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion.
network
low complexity
cszcms CWE-706
6.4
2019-02-07 CVE-2019-7566 Cross-Site Request Forgery (CSRF) vulnerability in Cszcms CSZ CMS 1.1.8
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.
network
cszcms CWE-352
6.8