Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Csz_cms
(Cszcms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-19 | CVE-2024-27752 | Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function. | Csz_cms | N/A | ||
| 2024-03-01 | CVE-2024-27734 | A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component. | Csz_cms | N/A | ||
| 2024-02-16 | CVE-2024-25414 | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. | Csz_cms | 9.8 | ||
| 2023-03-23 | CVE-2020-19786 | File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file. | Csz_cms | 8.8 | ||
| 2023-08-22 | CVE-2023-39599 | Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | Csz_cms | 5.4 | ||
| 2021-03-10 | CVE-2021-3224 | A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. | Csz_cms | 5.4 | ||
| 2021-03-11 | CVE-2021-26776 | CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | Csz_cms | 5.4 | ||
| 2021-07-09 | CVE-2020-25391 | A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. | Csz_cms | 5.4 | ||
| 2021-07-09 | CVE-2020-25392 | A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin. | Csz_cms | 5.4 | ||
| 2021-07-30 | CVE-2021-37144 | CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. | Csz_cms | 9.1 |