Vulnerability CVE-2023-38910


Published: 2023-08-18

Description:
CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.

See advisories in our WLB2 database:
Topic
Author
Date
Low
CSZ CMS 1.3.0 Cross Site Scripting
Daniel Gonzalez
04.09.2023

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://github.com/desencrypt/CVE/tree/main/CVE-2023
-

Copyright 2024, cxsecurity.com

 

Back to Top