desencrypt/CVE

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-39599 ↗	Aug 22, 2023Tuesday, 22 August 2023, 19:16	5.4 MEDIUM	—
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
CVE-2023-38910 ↗	Aug 18, 2023Friday, 18 August 2023, 19:15	6.1 MEDIUM	—
CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.
CVE-2023-38911 ↗	Aug 18, 2023Friday, 18 August 2023, 19:15	5.4 MEDIUM	—
A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.