Vulnerabilities > Cszcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-41601 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.
network
low complexity
cszcms CWE-79
6.1
6.1
2023-08-22 CVE-2023-39599 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
network
low complexity
cszcms CWE-79
5.4
5.4
2023-08-18 CVE-2023-38910 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0
CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.
network
low complexity
cszcms CWE-79
6.1
6.1
2023-08-18 CVE-2023-38911 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.3.0
A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.
network
low complexity
cszcms CWE-79
5.4
5.4
2022-03-29 CVE-2021-43701 SQL Injection vulnerability in Cszcms CSZ CMS 1.2.9
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
network
low complexity
cszcms CWE-89
6.5
6.5
2021-07-09 CVE-2020-25391 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.
network
low complexity
cszcms CWE-79
5.4
5.4
2021-07-09 CVE-2020-25392 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.
network
low complexity
cszcms CWE-79
5.4
5.4
2021-03-11 CVE-2021-26776 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.
network
low complexity
cszcms CWE-79
5.4
5.4
2021-03-10 CVE-2021-3224 Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
network
low complexity
cszcms CWE-79
5.4
5.4