232 matches found
CVE-2022-27163
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminUserseditUser...
CVE-2022-27164
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminUsersviewUsers...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47737
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47737
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks...
CVE-2021-47737
CSZ CMS 1.2.7 exposes an HTML injection vulnerability in the member messaging system. The issue allows authenticated users to inject HTML hyperlinks into message titles by crafting POST requests to the member dashboard, enabling potential phishing or social engineering. Impact is limited to HTML ...
CVE-2021-47738
CSZ CMS 1.2.7 is affected by a persistent XSS in private messages. The vulnerability arises from unsanitized user-agent header data that attackers can inject with JavaScript, which executes when an admin views the message in the backend dashboard. Affected component: handling of the user-agent he...
CSZ CMS 跨站脚本漏洞
CSZ CMS is an open source web application by the individual developer Cskaza Bassist that allows managing all content and settings on a website. A cross-site scripting vulnerability exists in CSZ CMS version 1.2.7, which stems from insufficient validation of message header inputs and could lead t...
PT-2025-52837
Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.2.7 Description An HTML injection issue exists in CSZ CMS that permits authenticated users to inject malicious hyperlinks into message titles. Attackers can create POST requests to the member messaging system using HTML-based...
CSZ CMS 跨站脚本漏洞
CSZ CMS is an open source web application by the individual developer Cskaza Bassist that allows managing all content and settings on a website. A cross-site scripting vulnerability exists in CSZ CMS version 1.2.7, which stems from insufficient validation of user-agent header inputs and could lea...
CVE-2024-58307
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks...
CVE-2025-63608
A SQL injection vulnerability exists in CSZ-CMS =1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries...
CVE-2025-63608
A SQL injection vulnerability exists in CSZ-CMS =1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries...
CVE-2025-63608
CVE-2025-63608 describes a SQL injection in CSZ-CMS
CSZ-CMS 安全漏洞
CSZ-CMS is a PHP-based open source content management system CMS from CSZ-CMS Open Source. A security vulnerability exists in CSZ-CMS 1.3.0 and prior versions, which stems from an unvalidated field parameter in the form view function, which could lead to an SQL injection attack...
CVE-2025-63608
A SQL injection vulnerability exists in CSZ-CMS =1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries...
CVE-2025-63608
A SQL injection vulnerability exists in CSZ-CMS =1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries...
EUVD-2020-18078
Malware in sbrugna...