CVE-2021-47737
- EPSS 0.02%
- Veröffentlicht 23.12.2025 19:35:47
- Zuletzt bearbeitet 31.12.2025 21:41:12
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phi...
CVE-2021-47738
- EPSS 0.02%
- Veröffentlicht 23.12.2025 19:34:10
- Zuletzt bearbeitet 05.01.2026 14:15:51
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute whe...
CVE-2024-58307
- EPSS 0.1%
- Veröffentlicht 11.12.2025 21:41:54
- Zuletzt bearbeitet 22.12.2025 18:40:40
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially...
CVE-2024-27734
- EPSS 0.1%
- Veröffentlicht 01.03.2024 17:15:07
- Zuletzt bearbeitet 15.05.2025 21:09:45
A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.
CVE-2022-28997
- EPSS 1.77%
- Veröffentlicht 23.05.2022 14:16:26
- Zuletzt bearbeitet 21.11.2024 06:58:18
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.