Unrated severityNVD Advisory· Published Dec 23, 2025· Updated Apr 7, 2026
CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging
CVE-2021-47738
Description
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.
Affected products
2- Cszcms/CSZ CMSv5Range: 1.2.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.exploit-db.com/exploits/48354mitreexploit
- www.vulncheck.com/advisories/csz-cms-persistent-cross-site-scripting-via-private-messagingmitrethird-party-advisory
- sourceforge.net/projects/cszcms/mitreproduct
- www.cszcms.commitreproduct
News mentions
0No linked articles in our index yet.