Shodan
Vulnerabilities
Vulnerable Software
Cszcms:  >> Csz Cms  Security Vulnerabilities
CVE-2024-27752
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.
CVSS Score
5.4
EPSS Score
0.006
Published
2024-04-19
CVE-2024-27734
A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-01
CVE-2024-25414
An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.
CVSS Score
9.8
EPSS Score
0.035
Published
2024-02-16
CVE-2023-41601
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-06
CVE-2023-39599
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-08-22
CVE-2023-38910
CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-08-18
CVE-2023-38911
A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-08-18
CVE-2020-19786
File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-03-23
CVE-2022-27161
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-12
CVE-2022-27162
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved