Cszcms: >> Csz Cms Security Vulnerabilities
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-08-22
CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-08-18
A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-08-18
File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-03-23
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-29