Csz Cms@1.2.9 Security Vulnerabilities and Issues — Csz Cms@1.2.9 CVE List

Lucene search

CszcmsCsz Cms1.2.9

6 matches found

CVE•added 2022/03/29 4:15 p.m.•80 views

CVE-2021-43701

CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.

6.5CVSS7AI score0.00136EPSS

CVE•added 2021/07/09 10:15 p.m.•68 views

CVE-2020-25391

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.

5.4CVSS5.5AI score0.00191EPSS

CVE•added 2021/07/09 10:15 p.m.•56 views

CVE-2020-25392

A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.

5.4CVSS5.4AI score0.00191EPSS

CVE•added 2021/07/30 2:15 p.m.•46 views

CVE-2021-37144

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

9.1CVSS9.2AI score0.00289EPSS

CVE•added 2021/03/11 5:15 p.m.•36 views

CVE-2021-26776

CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.

5.4CVSS5.3AI score0.00172EPSS

CVE•added 2021/03/10 2:15 p.m.•27 views

CVE-2021-3224

A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.

5.4CVSS5.2AI score0.00172EPSS