exploitDog

CVE-2021-47737

Опубликовано: 23 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.

Ссылки

https://sourceforge.net/projects/cszcms/
Product
https://www.cszcms.com/
Product
https://www.exploit-db.com/exploits/48357
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/csz-cms-html-injection-vulnerability-via-member-dashboard
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cszcms:csz_cms:1.2.7:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00051

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-96ph-5762-cph5

CVSS3: 5.4

github

около 2 месяцев назад

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.

EPSS

Процентиль: 16%

0.00051

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79