Description
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.
References
- Product
- Product
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:cszcms:csz_cms:1.2.7:*:*:*:*:*:*:*
EPSS: 0.00059 (percentile: 19%, Low)
CVSS3: 5.4 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.4
github
about 2 months ago
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.