Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39599 | 1 Cszcms | 1 Csz Cms | 2023-08-28 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | |||||
| CVE-2023-38910 | 1 Cszcms | 1 Csz Cms | 2023-08-22 | N/A | 6.1 MEDIUM |
| CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. | |||||
| CVE-2023-38911 | 1 Cszcms | 1 Csz Cms | 2023-08-22 | N/A | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. | |||||
| CVE-2020-21250 | 1 Cszcms | 1 Csz Cms | 2021-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. | |||||
| CVE-2021-37144 | 1 Cszcms | 1 Csz Cms | 2021-08-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. | |||||
| CVE-2021-26776 | 1 Cszcms | 1 Csz Cms | 2021-03-17 | 3.5 LOW | 5.4 MEDIUM |
| CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | |||||
| CVE-2021-3224 | 1 Cszcms | 1 Csz Cms | 2021-03-12 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. | |||||
| CVE-2019-15524 | 1 Cszcms | 1 Csz Cms | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | |||||
| CVE-2019-13086 | 1 Cszcms | 1 Csz Cms | 2019-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. | |||||
| CVE-2019-7566 | 1 Cszcms | 1 Csz Cms | 2019-02-07 | 6.8 MEDIUM | 8.8 HIGH |
| CSZ CMS 1.1.8 has CSRF via admin/users/new/add. | |||||