Cross-Site Scripting Vulnerabilities in CSZ CMS by CSZ CMS
CVE-2023-41601

6.1MEDIUM

Key Information:

Vendor: Cszcms
Status: Csz Cms
Vendor: CVE Published:; 6 September 2023

What is CVE-2023-41601?

Multiple cross-site scripting (XSS) vulnerabilities have been identified in the install/index.php file of CSZ CMS version 1.3.0. These vulnerabilities allow attackers to inject crafted payloads into the Database Username or Database Host parameters, resulting in the execution of arbitrary web scripts or HTML. This exploitation can lead to unauthorized access, data manipulation, and potential fallout for users and systems leveraging this content management system.

References

https://www.cszcms.com/

https://github.com/al3zx/csz_cms_1_3_0_xss_in_install_pag...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2023
Vulnerability Reserved
Aug 30, 2023

JSON

Cszcms

What is CVE-2023-41601?

References

CVSS V3.1

Timeline