Cszcms

Csz Cms

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-47737

Exploit
  • EPSS 0.02%
  • Veröffentlicht 23.12.2025 19:35:47
  • Zuletzt bearbeitet 31.12.2025 21:41:12

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phi...

5.4

CVE-2021-47738

Exploit
  • EPSS 0.02%
  • Veröffentlicht 23.12.2025 19:34:10
  • Zuletzt bearbeitet 05.01.2026 14:15:51

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute whe...

8.8

CVE-2024-58307

Exploit
  • EPSS 0.1%
  • Veröffentlicht 11.12.2025 21:41:54
  • Zuletzt bearbeitet 22.12.2025 18:40:40

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially...

5.4

CVE-2025-63608

Exploit
  • EPSS 0.04%
  • Veröffentlicht 30.10.2025 00:00:00
  • Zuletzt bearbeitet 22.12.2025 15:17:34

A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.

6.5

CVE-2025-29084

Exploit
  • EPSS 0.1%
  • Veröffentlicht 23.09.2025 18:15:32
  • Zuletzt bearbeitet 25.09.2025 16:09:31

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file.

6.5

CVE-2025-29083

Exploit
  • EPSS 0.1%
  • Veröffentlicht 23.09.2025 18:15:31
  • Zuletzt bearbeitet 25.09.2025 16:09:45

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file.

5.4

CVE-2024-27752

Exploit
  • EPSS 0.42%
  • Veröffentlicht 19.04.2024 16:15:09
  • Zuletzt bearbeitet 21.05.2025 18:18:16

Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.

6.1

CVE-2024-27734

Exploit
  • EPSS 0.1%
  • Veröffentlicht 01.03.2024 17:15:07
  • Zuletzt bearbeitet 15.05.2025 21:09:45

A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.

9.8

CVE-2024-25414

Exploit
  • EPSS 1.88%
  • Veröffentlicht 16.02.2024 02:15:51
  • Zuletzt bearbeitet 14.03.2025 19:15:45

An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.

6.1

CVE-2023-41601

Exploit
  • EPSS 0.18%
  • Veröffentlicht 06.09.2023 20:15:07
  • Zuletzt bearbeitet 21.11.2024 08:21:20

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.