CSZ CMS
by CSZ CMS
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26776 | Med | 0.35 | 5.4 | 0.01 | Mar 11, 2021 | CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | ||
| CVE-2021-47737 | 0.00 | — | 0.00 | Dec 23, 2025 | CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering… | |||
| CVE-2021-47738 | 0.00 | — | 0.00 | Dec 23, 2025 | CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message… | |||
| CVE-2024-58307 | 0.00 | — | 0.00 | Dec 11, 2025 | CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL… | |||
| CVE-2025-63608 | 0.00 | — | 0.00 | Oct 30, 2025 | A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries. | |||
| CVE-2025-29083 | 0.00 | — | 0.00 | Sep 23, 2025 | SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file. | |||
| CVE-2025-29084 | 0.00 | — | 0.00 | Sep 23, 2025 | SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file. |
- risk 0.35cvss 5.4epss 0.01
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.
- CVE-2021-47737Dec 23, 2025risk 0.00cvss —epss 0.00
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering…
- CVE-2021-47738Dec 23, 2025risk 0.00cvss —epss 0.00
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message…
- CVE-2024-58307Dec 11, 2025risk 0.00cvss —epss 0.00
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL…
- CVE-2025-63608Oct 30, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.
- CVE-2025-29083Sep 23, 2025risk 0.00cvss —epss 0.00
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file.
- CVE-2025-29084Sep 23, 2025risk 0.00cvss —epss 0.00
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file.
Page 2 of 2